Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion

From: Jan Kara
Date: Tue Jun 07 2022 - 05:54:37 EST

Next message: Jarkko Sakkinen: "Re: [PATCH v3] tpm: Add upgrade/reduced mode support for TPM1.2 modules"
Previous message: kernel test robot: "kernel/module/main.c:4515:14: warning: variable 'exit' set but not used"
In reply to: Yu Kuai: "Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion"
Next in thread: Yu Kuai: "Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue 07-06-22 11:10:27, Yu Kuai wrote:
> 在 2022/05/23 23:25, Jan Kara 写道:
> > Hum, for me all emails from Huawei I've received even today fail the DKIM
> > check. After some more digging there is interesting inconsistency in DMARC
> > configuration for huawei.com domain. There is DMARC record for huawei.com
> > like:
> >
> > huawei.com. 600 IN TXT "v=DMARC1;p=none;rua=mailto:dmarc@xxxxxxxxxxxxxx";
> >
> > which means no DKIM is required but _dmarc.huawei.com has:
> >
> > _dmarc.huawei.com. 600 IN TXT "v=DMARC1;p=quarantine;ruf=mailto:dmarc@xxxxxxxxxx;rua=mailto:dmarc@xxxxxxxxxx";
> >
> > which says that DKIM is required. I guess this inconsistency may be the
> > reason why there are problems with DKIM validation for senders from
> > huawei.com. Yu Kuai, can you perhaps take this to your IT support to fix
> > this? Either make sure huawei.com emails get properly signed with DKIM or
> > remove the 'quarantine' record from _dmarc.huawei.com. Thanks!
> >
> > Honza
> >
> Hi, Jan and Jens
>
> I just got response from our IT support:
>
> 'fo' is not set in our dmarc configuration(default is 0), which means
> SPF and DKIM verify both failed so that emails will end up in spam.
>
> It right that DKIM verify is failed because there is no signed key,
> however, our IT support are curious how SPF verify faild.
>
> Can you guys please take a look at ip address of sender? So our IT
> support can take a look if they miss it from SPF records.

So SPF is what makes me receive direct emails from you. For example on this
email I can see:

Received: from frasgout.his.huawei.com (frasgout.his.huawei.com
[185.176.79.56])
(using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128
bits))
(No client certificate requested)
by smtp-in2.suse.de (Postfix) with ESMTPS id 4LHFjN2L0dzZfj
for <jack@xxxxxxx>; Tue, 7 Jun 2022 03:10:32 +0000 (UTC)
...
Authentication-Results: smtp-in2.suse.de;
dkim=none;
dmarc=pass (policy=quarantine) header.from=huawei.com;
spf=pass (smtp-in2.suse.de: domain of yukuai3@xxxxxxxxxx designates
185.176.79.56 as permitted sender) smtp.mailfrom=yukuai3@xxxxxxxxxx

So indeed frasgout.his.huawei.com is correct outgoing server which makes
smtp-in2.suse.de believe the email despite missing DKIM signature. But the
problem starts when you send email to a mailing list. Let me take for
example your email from June 2 with Message-ID
<20220602082129.2805890-1-yukuai3@xxxxxxxxxx>, subject "[PATCH -next]
mm/filemap: fix that first page is not mark accessed in filemap_read()".
There the mailing list server forwards the email so we have:

Received: from smtp-in2.suse.de ([192.168.254.78])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
by dovecot-director2.suse.de with LMTPS
id 8MC5NfVvmGIPLwAApTUePA
(envelope-from <linux-fsdevel-owner@xxxxxxxxxxxxxxx>)
for <jack@xxxxxxxxxxxx>; Thu, 02 Jun 2022 08:08:21 +0000
Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20])
by smtp-in2.suse.de (Postfix) with ESMTP id 4LDJYK5bf0zZg5
for <jack@xxxxxxx>; Thu, 2 Jun 2022 08:08:21 +0000 (UTC)
Received: (majordomo@xxxxxxxxxxxxxxx) by vger.kernel.org via listexpand
id S232063AbiFBIIM (ORCPT <rfc822;jack@xxxxxxx>);
Thu, 2 Jun 2022 04:08:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56178 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by
vger.kernel.org
with ESMTP id S232062AbiFBIIL (ORCPT
<rfc822;linux-fsdevel@xxxxxxxxxxxxxxx>);
Thu, 2 Jun 2022 04:08:11 -0400
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id
75DDB25FE;
Thu, 2 Jun 2022 01:08:08 -0700 (PDT)

and thus smtp-in2.suse.de complains:

Authentication-Results: smtp-in2.suse.de;
dkim=none;
dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM"
header.from=huawei.com (policy=quarantine);
spf=pass (smtp-in2.suse.de: domain of
linux-fsdevel-owner@xxxxxxxxxxxxxxx designates 2620:137:e000::1:20 as
permitted sender) smtp.mailfrom=linux-fsdevel-owner@xxxxxxxxxxxxxxx

Because now we've got email with "From" header from huawei.com domain from
a vger mail server which was forwarding it. So SPF has no chance to match
(in fact SPF did pass for the Return-Path header which points to
vger.kernel.org but DMARC defines that if "From" and "Return-Path" do not
match, additional validation is needed - this is the "SPF not aligned
(relaxed)" message above). And missing DKIM (the additional validation
method) sends the email to spam.

Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR

Next message: Jarkko Sakkinen: "Re: [PATCH v3] tpm: Add upgrade/reduced mode support for TPM1.2 modules"
Previous message: kernel test robot: "kernel/module/main.c:4515:14: warning: variable 'exit' set but not used"
In reply to: Yu Kuai: "Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion"
Next in thread: Yu Kuai: "Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]