Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion

From: Yu Kuai
Date: Tue Jun 07 2022 - 09:07:03 EST


在 2022/06/07 19:51, Yu Kuai 写道:
在 2022/06/07 17:54, Jan Kara 写道:
On Tue 07-06-22 11:10:27, Yu Kuai wrote:
在 2022/05/23 23:25, Jan Kara 写道:
Hum, for me all emails from Huawei I've received even today fail the DKIM
check. After some more digging there is interesting inconsistency in DMARC
configuration for huawei.com domain. There is DMARC record for huawei.com
like:

huawei.com.        600    IN    TXT "v=DMARC1;p=none;rua=mailto:dmarc@xxxxxxxxxxxxxx";

which means no DKIM is required but _dmarc.huawei.com has:

_dmarc.huawei.com.    600    IN    TXT "v=DMARC1;p=quarantine;ruf=mailto:dmarc@xxxxxxxxxx;rua=mailto:dmarc@xxxxxxxxxx";

which says that DKIM is required. I guess this inconsistency may be the
reason why there are problems with DKIM validation for senders from
huawei.com. Yu Kuai, can you perhaps take this to your IT support to fix
this? Either make sure huawei.com emails get properly signed with DKIM or
remove the 'quarantine' record from _dmarc.huawei.com. Thanks!

                                Honza

Hi, Jan and Jens

I just got response from our IT support:

'fo' is not set in our dmarc configuration(default is 0), which means
SPF and DKIM verify both failed so that emails will end up in spam.

It right that DKIM verify is failed because there is no signed key,
however, our IT support are curious how SPF verify faild.

Can you guys please take a look at ip address of sender? So our IT
support can take a look if they miss it from SPF records.

So SPF is what makes me receive direct emails from you. For example on this
email I can see:

Received: from frasgout.his.huawei.com (frasgout.his.huawei.com
         [185.176.79.56])
         (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128
         bits))
         (No client certificate requested)
         by smtp-in2.suse.de (Postfix) with ESMTPS id 4LHFjN2L0dzZfj
         for <jack@xxxxxxx>; Tue,  7 Jun 2022 03:10:32 +0000 (UTC)
...
Authentication-Results: smtp-in2.suse.de;
         dkim=none;
         dmarc=pass (policy=quarantine) header.from=huawei.com;
         spf=pass (smtp-in2.suse.de: domain of yukuai3@xxxxxxxxxx designates
         185.176.79.56 as permitted sender) smtp.mailfrom=yukuai3@xxxxxxxxxx

So indeed frasgout.his.huawei.com is correct outgoing server which makes
smtp-in2.suse.de believe the email despite missing DKIM signature. But the
problem starts when you send email to a mailing list. Let me take for
example your email from June 2 with Message-ID
<20220602082129.2805890-1-yukuai3@xxxxxxxxxx>, subject "[PATCH -next]
mm/filemap: fix that first page is not mark accessed in filemap_read()".
There the mailing list server forwards the email so we have:

Received: from smtp-in2.suse.de ([192.168.254.78])
         (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
         by dovecot-director2.suse.de with LMTPS
         id 8MC5NfVvmGIPLwAApTUePA
         (envelope-from <linux-fsdevel-owner@xxxxxxxxxxxxxxx>)
         for <jack@xxxxxxxxxxxx>; Thu, 02 Jun 2022 08:08:21 +0000
Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20])
         by smtp-in2.suse.de (Postfix) with ESMTP id 4LDJYK5bf0zZg5
         for <jack@xxxxxxx>; Thu,  2 Jun 2022 08:08:21 +0000 (UTC)
Received: (majordomo@xxxxxxxxxxxxxxx) by vger.kernel.org via listexpand
         id S232063AbiFBIIM (ORCPT <rfc822;jack@xxxxxxx>);
         Thu, 2 Jun 2022 04:08:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56178 "EHLO
         lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by
         vger.kernel.org
         with ESMTP id S232062AbiFBIIL (ORCPT
         <rfc822;linux-fsdevel@xxxxxxxxxxxxxxx>);
         Thu, 2 Jun 2022 04:08:11 -0400
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
         by lindbergh.monkeyblade.net (Postfix) with ESMTPS id
         75DDB25FE;
         Thu,  2 Jun 2022 01:08:08 -0700 (PDT)

and thus smtp-in2.suse.de complains:

Authentication-Results: smtp-in2.suse.de;
         dkim=none;
         dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM"
         header.from=huawei.com (policy=quarantine);
         spf=pass (smtp-in2.suse.de: domain of
         linux-fsdevel-owner@xxxxxxxxxxxxxxx designates 2620:137:e000::1:20 as
         permitted sender) smtp.mailfrom=linux-fsdevel-owner@xxxxxxxxxxxxxxx

Because now we've got email with "From" header from huawei.com domain from
a vger mail server which was forwarding it. So SPF has no chance to match
(in fact SPF did pass for the Return-Path header which points to
vger.kernel.org but DMARC defines that if "From" and "Return-Path" do not
match, additional validation is needed - this is the "SPF not aligned
(relaxed)" message above). And missing DKIM (the additional validation
method) sends the email to spam.

Thanks a lot for your analysis, afaics, in order to fix the
problem, either your mail server change the configuration to set
alignment mode to "relaxed" instead of "strict", or our mail server
add correct DKIM signature for emails.

I'll contact with our IT support and try to add DKIM signature.

Thanks,
Kuai

Hi, Jan

Our IT support is worried that add DKIM signature will degrade
performance, may I ask that how is your mail server configuation? policy
is quarantine or none, and dkim signature is supportted or not.

Thanks,
Kuai