amavis: Next Steps
Patrick Ben Koetter
2018-10-09 20:48:20 UTC
Greetings,

first, and I really, really mean first before anything else can be said:

Thank you Mark! Thank you for all the work you put into amavis, for all
the hours of thinking and testing and thanks for fixing all the bugs over
the past years.

Now: I've been in contact offlist with a few people (including Mark),
discussing if and how we would want to maintain amavis in the future. At the
moment I'm ahead of these people, as some still have to check with their
companies or for other reasons if and how deeply they may get involved in
amavis.

As a quick measure we've decided to create infrastructure, open to the
community, to allow for open development and collaborative work.


== Development discussion

Those of you who want to participate actively in amavis development
discussions, are invited to join the amavis-***@amavis.org mailing list.
Visit <https://lists.amavis.org/cgi-bin/mailman/listinfo/amavis-devel> to
subscribe.


== Coding, Documentation, Contributions

Those of you who want to work on the code are invited to get an account at
gitlab.com and join the amavis project at <https://gitlab.com/amavis/amavis>.

I took all amavis releases from Mark's collection and imported them in
historical order as branches (using a Perl script Mark had put together). At
the moment the repo's master branch serves amavisd-new-2.11.1.


== Next Steps

So what are the next steps when you pick up the loose ends on a great project
that hasn't seen much attention recently?

These are the next steps that come to my mind:

- Fix known and blocking bugs and release a new version as soon as possible
- Form a group of people interested in contributing to amavis development (bug
fixing, documentation etc.)
- Create a list of issues (bugs, enhancements, suggestions etc.)
- Agree on certain project standards (workflow, coding, documentation etc.)
- Create a roadmap
- Get the work done


What is it you can do?

- File an issue/bug at <https://gitlab.com/amavis/amavis/issues>
- Tell what you would like to see improved in amavis


Looking forward to hearing from all of you!

***@rick
--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
Mark Rousell
2018-10-10 09:57:34 UTC
Hello,
Post by Patrick Ben Koetter
== Development discussion
Those of you, who want to participate actively in amavis development
Visit <https://lists.amavis.org/cgi-bin/mailman/listinfo/amavis-devel> to
subscribe.
I am having problems signing up to the devel list via the web interface.

I get to the 'Confirm subscription request' page and click the
'Subscribe to list Amavis-devel' button. Instead of being successfully
subscribed (as would be normal at this point on a Mailman list) I am
sent to an 'Enter confirmation cookie' page. Even if I manually paste in
the confirmation string received by email and click Submit, I keep on
coming back to this page and can get no further.

I've tried this from both Waterfox (a Firefox-alike) and Edge and both
produce this behaviour. The only difference is that Waterfox warns that
my data is being sent over an insecure connection (i.e. that the target
of the form submission is http, not https) whereas Edge does not mention
this.

I've also tried to confirm my subscription by email but have not yet
received a response (although perhaps I'm impatient as it's only been
about seven minutes since I sent the confirmation email back).

Any help would be appreciated, please. Anyone else seen these problems?
--
Mark Rousell
Mark Rousell
2018-10-10 10:07:26 UTC
Post by Mark Rousell
I am having problems signing up to the devel list via the web interface.
I get to the 'Confirm subscription request' page and click the
'Subscribe to list Amavis-devel' button. Instead of being successfully
subscribed (as would be normal at this point on a Mailman list) I am
sent to an 'Enter confirmation cookie' page. Even if I manually paste
in the confirmation string received by email and click Submit, I keep
on coming back to this page and can get no further.
I've tried this from both Waterfox (a Firefox-alike) and Edge and both
produce this behaviour. The only difference is that Waterfox warns
that my data is being sent over an insecure connection (i.e. that the
target of the form submission is http, not https) whereas Edge does
not mention this.
I've also tried to confirm my subscription by email but have not yet
received a response (although perhaps I'm impatient as it's only been
about seven minutes since I sent the confirmation email back).
Any help would be appreciated, please. Anyone else seen these problems?
Just to update: I received the devel list welcome email at 11:02AM BST
so I am successfully subscribed to the list.

If it's not just me seeing problems with web signups I'd be glad to help
test with other addresses that can be removed later.
--
Mark Rousell
John Andersen
2018-10-10 18:31:51 UTC
Post by Mark Rousell
Post by Mark Rousell
I am having problems signing up to the devel list via the web
interface.
I get to the 'Confirm subscription request' page and click the
'Subscribe to list Amavis-devel' button. Instead of being successfully
subscribed (as would be normal at this point on a Mailman list) I am
sent to an 'Enter confirmation cookie' page. Even if I manually paste
in the confirmation string received by email and click Submit, I keep
on coming back to this page and can get no further.
I've tried this from both Waterfox (a Firefox-alike) and Edge and both
produce this behaviour. The only difference is that Waterfox warns
that my data is being sent over an insecure connection (i.e. that the
target of the form submission is http, not https) whereas Edge does
not mention this.
I've also tried to confirm my subscription by email but have not yet
received a response (although perhaps I'm impatient as it's only been
about seven minutes since I sent the confirmation email back).
Any help would be appreciated, please. Anyone else seen these problems?
Just to update: I received the devel list welcome email at 11:02AM BST
so I am successfully subscribed to the list.
If it's not just me seeing problems with web signups I'd be glad to help
test with other addresses that can be removed later.
John passed away in July. Bottom is not operating right now. A buyer is in the works. Watch the website for information.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Mark Rousell
2018-10-10 20:06:43 UTC
Post by John Andersen
John passed away in July. Bottom is not operating right now. A buyer is in the works. Watch the website for information.
Oh dear. :-( Thank you very much for the explanation.
--
Mark Rousell
Ralph Seichter
2018-10-10 13:46:20 UTC
Post by Mark Rousell
I am having problems signing up to the devel list via the web
interface.
I experienced the same issue. My attempt to submit a confirmation cookie
using Safari caused an expected warning for submitting via a cleartext
connection, and then the same page was simply displayed again, with no
visible effect. Confirmation by email worked for me.

-Ralph
Ralf Hildebrandt
2018-10-11 09:19:45 UTC
Post by Mark Rousell
Hello,
Post by Patrick Ben Koetter
== Development discussion
Those of you, who want to participate actively in amavis development
Visit <https://lists.amavis.org/cgi-bin/mailman/listinfo/amavis-devel> to
subscribe.
I am having problems signing up to the devel list via the web interface.
I'll look into this.
--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Ralf Hildebrandt
2018-10-11 09:35:46 UTC
Post by Mark Rousell
I am having problems signing up to the devel list via the web interface.
The webserver was configured to use https://, Mailman still had
DEFAULT_URL_PATTERN = 'http://...'
as well as
PUBLIC_ARCHIVE_URL = 'http://...'

I fixed that now.
Benny Pedersen
2018-10-11 12:47:54 UTC
Post by Ralf Hildebrandt
Post by Mark Rousell
I am having problems signing up to the devel list via the web
interface.
The webserver was configured to use https://, Mailman still had
DEFAULT_URL_PATTERN = 'http://...'
as well as
PUBLIC_ARCHIVE_URL = 'http://...'
I fixed that now.
good, will someone fix dmarc?

DMARC-Filter: OpenDMARC Filter v1.3.2 linode.junc.eu 514061BE07F
Authentication-Results: linode.junc.eu; dmarc=fail (p=none dis=none)
header.from=sys4.de
Authentication-Results: linode.junc.eu;
dkim=pass (1024-bit key) header.d=amavis.org header.i=@amavis.org
header.b=QKHmN5RE;
dkim-atps=neutral
Received-SPF: none (amavis.org: No applicable sender policy available)
receiver=localhost.junc.eu; identity=mailfrom;
envelope-from="amavis-users-bounces+me=***@amavis.org";
helo=postfix.charite.de; client-ip=141.42.206.35

it cost nothing to remove sys4.de dkim key
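
Added example, not part of the thread: why the headers quoted above end in dmarc=fail although DKIM passes. DMARC only counts a passing DKIM or SPF identity whose domain aligns with the From: domain. The function names, the two-label organizational-domain shortcut and the placeholder envelope sender are assumptions of this sketch.

```python
import re

# Constructed sample modelled on the headers quoted in the thread above;
# the envelope sender is a placeholder address.
SAMPLE = (
    "Authentication-Results: linode.junc.eu; dmarc=fail (p=none dis=none)\n"
    " header.from=sys4.de\n"
    "Authentication-Results: linode.junc.eu;\n"
    " dkim=pass (1024-bit key) header.d=amavis.org header.i=@amavis.org\n"
    " header.b=QKHmN5RE;\n"
    " dkim-atps=neutral\n"
    "Received-SPF: none (amavis.org: No applicable sender policy available)\n"
    ' identity=mailfrom; envelope-from="list-bounces@amavis.org"\n'
)

def org_domain(domain):
    # Simplification (assumption): real DMARC code consults the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse(raw):
    """Extract the From domain, DKIM results and SPF result from raw headers."""
    facts = {"from": None, "dkim": [], "spf": None, "mailfrom": None}
    for line in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines():  # unfold first
        name, _, value = line.partition(":")
        if name.strip().lower() == "authentication-results":
            value = re.sub(r"\([^)]*\)", "", value)  # drop (comments)
            m = re.search(r"header\.from=([\w.-]+)", value)
            if m:
                facts["from"] = m.group(1)
            facts["dkim"] += re.findall(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", value)
        elif name.strip().lower() == "received-spf":
            facts["spf"] = value.split()[0].lower()
            m = re.search(r'envelope-from="?[^"\s;]*@([\w.-]+)', value)
            if m:
                facts["mailfrom"] = m.group(1)
    return facts

def dmarc_evaluate(facts):
    """DMARC passes only if a passing DKIM or SPF identity aligns with From."""
    if not facts["from"]:
        raise ValueError("no header.from found in Authentication-Results")
    want = org_domain(facts["from"])
    passed = [d for result, d in facts["dkim"] if result == "pass"]
    aligned = [d for d in passed if org_domain(d) == want]
    spf_aligned = (facts["spf"] == "pass" and facts["mailfrom"] is not None
                   and org_domain(facts["mailfrom"]) == want)
    return {"result": "pass" if aligned or spf_aligned else "fail",
            "aligned_dkim": aligned,
            "unaligned_dkim": [d for d in passed if d not in aligned],
            "spf_aligned": spf_aligned}
```

For the sample, the only passing signature is the list's own (amavis.org), which does not align with the author domain sys4.de, and SPF gives no result, so the verdict is fail.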
Curtis Maurand
2018-10-11 13:02:53 UTC
And DKIM signing, please. 1024 bit keys don't seem to work
Post by Benny Pedersen
Post by Ralf Hildebrandt
Post by Mark Rousell
I am having problems signing up to the devel list via the web interface.
The webserver was configured to use https://, Mailman still had
DEFAULT_URL_PATTERN = 'http://...'
as well as
PUBLIC_ARCHIVE_URL = 'http://...'
I fixed that now.
good, will some one fix dmarc ?
DMARC-Filter: OpenDMARC Filter v1.3.2 linode.junc.eu 514061BE07F
Authentication-Results: linode.junc.eu; dmarc=fail (p=none dis=none)
header.from=sys4.de
Authentication-Results: linode.junc.eu;
header.b=QKHmN5RE;
dkim-atps=neutral
Received-SPF: none (amavis.org: No applicable sender policy available)
receiver=localhost.junc.eu; identity=mailfrom;
helo=postfix.charite.de; client-ip=141.42.206.35
it cost nothing to remove sys4.de dkim key
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Ralf Hildebrandt
2018-10-11 13:11:06 UTC
Post by Curtis Maurand
And DKIM signing, please. 1024 bit keys don't seem to work
Yes, both noted, but since we don't directly control DNS it can take a
while
Benny Pedersen
2018-10-11 13:25:34 UTC
Post by Ralf Hildebrandt
Post by Curtis Maurand
And DKIM signing, please. 1024 bit keys don't seem to work
Yes, both noted, but since we don't directly control DNS it can take a
while
sys4.de dkim works ?

easy enough to make work in amavisd

even if dns takes long, it should be made sure it passes

if some silly local software removes sys4.de dkim signing before amavis
dkim signing we have another problem, maillist signs all sender from,
but removes original sys4.de signing can lead to same results as i see

be careful
Ralph Seichter
2018-10-11 13:19:09 UTC
Post by Curtis Maurand
And DKIM signing, please. 1024 bit keys don't seem to work
Looking at your message, I see a failed verification for maurand.com,
but the DKIM signature for amavis.org is reported as being OK:

Authentication-Results: ra.horus-it.com;
dkim=pass (1024-bit key; unprotected) header.d=amavis.org header.i=@amavis.org header.b=hvGOHuCH;
dkim=fail reason="signature verification failed" (2048-bit key; unprotected)
header.d=maurand.com header.i=@maurand.com header.b=QqCR6OLl; dkim-atps=neutral

Key length should not affect that, although a 2048-Bit-Key is the better
choice.

-Ralph
Benny Pedersen
2018-10-11 13:33:13 UTC
Post by Ralph Seichter
Authentication-Results: ra.horus-it.com;
dkim=pass (1024-bit key; unprotected) header.d=amavis.org
dkim=fail reason="signature verification failed" (2048-bit key; unprotected)
see the same here for my own postings to maillist, it means that mailman
still breaks dkim
Post by Ralph Seichter
Key length should not affect that, although a 2048-Bit-Key is the better
choice.
no
Curtis Maurand
2018-10-11 14:09:26 UTC
Yep. Everything matches. The public and private key are in place, the DNS record is in place and the DNS record matches maurand.com.private

I get public key not available. I have one other domain with a 512 bit key and it works.
Post by Ralph Seichter
And DKIM signing, please. 1024 bit keys don't seem to work
Looking at your message, I see a failed verification for maurand.com,
Authentication-Results: ra.horus-it.com;
dkim=pass (1024-bit key; unprotected) header.d=amavis.org
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected)
dkim-atps=neutral
Key length should not affect that, although a 2048-Bit-Key is the better
choice.
-Ralph
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Benny Pedersen
2018-10-11 14:13:40 UTC
Post by Curtis Maurand
I get public key not available. I have one other domain with a 512 bit
keys and it works.
opendkim have minimal keysize of 1024

so you will randomly get dkim fails
Dominic Raferd
2018-10-11 16:32:22 UTC
Post by Benny Pedersen
I get public key not available. I have one other domain with a 512 bit
keys and it works.
opendkim have minimal keysize of 1024
so you will randomly get dkim fails
opendkim has default requirement of keysize 1024+, but you can change this
with MinimumKeyBits in opendkim.conf. Still, it is inadvisable (and not
only for this reason) to continue using a key with 512 bits.
Curtis Maurand
2018-10-11 20:20:34 UTC
Not using open dkim
Post by Benny Pedersen
I get public key not available. I have one other domain with a 512
bit
keys and it works.
opendkim have minimal keysize of 1024
so you will randomly get dkim fails
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Steve Wardle
2018-10-11 15:05:05 UTC
On Thu, 11 Oct 2018 10:09:26 -0400
Post by Curtis Maurand
Yep. Everything matches. The public and private key are in place, the DNS record is in place and the DNS record matches maurand.com.private
I get public key not available. I have one other domain with a 512 bit keys and it works.
Depending on the resolver I can see two entries for 1539095125._domainkey.maurand.com

# dig +short TXT 1539095125._domainkey.maurand.com
;; Truncated, retrying in TCP mode.
"v=DKIM1\; t=s\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCiHG4VkgWKiTS9pfet3Q3B3C15VsVbH4XXVMX8rTnsoeD4qmxft+XLrUXpxm7Aqnw1MpstKGlIGb4IxSyCTf0xEc7/rxSSDH9N0m0CCAB9ah2nTiGpk7Pf3wRXv8fiOBGMzYCn6Ua8jsmY29e/BkC37iLP+r9hysvNQqBWs2aOQIDAQAB"
"v=DKIM1\; t=s\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fWT3qsdqGM9o6Am59xOCRRjXZ8N8NFVhFQkirzP0mzEGzkziz7ODKs6LB5PjCenn6HQMHrYJ2X7dfxO4b1HMoBp8fiw7owQityxU/WlAYnIu80U1UvOcwXLD17j8KbnrLLZ2OgOQ6lNhBOEoZqfSkw+HzuUHTwMBhCIQYIHQ94aSX4JuKN9F4HjxZFsq3fu3JY" "UlOVOEquvLu0UF84caBXr9sIaJXONeIGToedc3CrYC6ASppUltKiAtnJQ8umC06StND6jX+9HPIMOcuuHPGavsQiSM3f4lWRwyjgIQIuob2W679o9HMf8WfmmcUIhjE4YJxpXZYNbjXKwpo47CwIDAQAB"

Steve
Curtis Maurand
2018-10-11 20:21:28 UTC
I'll check that when I get back in front of a machine
Post by Steve Wardle
On Thu, 11 Oct 2018 10:09:26 -0400
Post by Curtis Maurand
Yep. Everything matches. The public and private key are in place,
the DNS record is in place and the DNS record matches
maurand.com.private
Post by Curtis Maurand
I get public key not available. I have one other domain with a 512
bit keys and it works.
Depending the resolver I can see two entries for
1539095125._domainkey.maurand.com
# dig +short TXT 1539095125._domainkey.maurand.com
;; Truncated, retrying in TCP mode.
"v=DKIM1\; t=s\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCiHG4VkgWKiTS9pfet3Q3B3C15VsVbH4XXVMX8rTnsoeD4qmxft+XLrUXpxm7Aqnw1MpstKGlIGb4IxSyCTf0xEc7/rxSSDH9N0m0CCAB9ah2nTiGpk7Pf3wRXv8fiOBGMzYCn6Ua8jsmY29e/BkC37iLP+r9hysvNQqBWs2aOQIDAQAB"
"v=DKIM1\; t=s\;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fWT3qsdqGM9o6Am59xOCRRjXZ8N8NFVhFQkirzP0mzEGzkziz7ODKs6LB5PjCenn6HQMHrYJ2X7dfxO4b1HMoBp8fiw7owQityxU/WlAYnIu80U1UvOcwXLD17j8KbnrLLZ2OgOQ6lNhBOEoZqfSkw+HzuUHTwMBhCIQYIHQ94aSX4JuKN9F4HjxZFsq3fu3JY"
"UlOVOEquvLu0UF84caBXr9sIaJXONeIGToedc3CrYC6ASppUltKiAtnJQ8umC06StND6jX+9HPIMOcuuHPGavsQiSM3f4lWRwyjgIQIuob2W679o9HMf8WfmmcUIhjE4YJxpXZYNbjXKwpo47CwIDAQAB"
Steve
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Scott Kitterman
2018-10-12 00:44:20 UTC
Post by Curtis Maurand
Yep. Everything matches. The public and private key are in place, the
DNS record is in place and the DNS record matches maurand.com.private
I get public key not available. I have one other domain with a 512 bit keys and it works.
Please don't use 512 bit keys. See RFC 8301 for details.

Scott K
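
Added example, not part of the thread: a check for the two conditions raised in the messages above, a selector that answers with more than one key record (RFC 6376 requires the TXT record to be unique per selector and leaves the result undefined otherwise) and the RSA key size (RFC 8301 has verifiers reject keys under 1024 bits and recommends 2048 for signers). The records are constructed around made-up moduli, and all function names are this example's own.

```python
import base64
import re

def der_open(buf, i, tag):
    """Return (start, end) of the content of the DER element at buf[i]."""
    if buf[i] != tag:
        raise ValueError("unexpected DER tag 0x%02x" % buf[i])
    n, i = buf[i + 1], i + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    return i, i + n

def rsa_bits(spki):
    """Modulus size in bits of a DER-encoded RSA SubjectPublicKeyInfo."""
    seq, _ = der_open(spki, 0, 0x30)            # SubjectPublicKeyInfo
    _, alg_end = der_open(spki, seq, 0x30)      # AlgorithmIdentifier (skipped)
    bitstr, _ = der_open(spki, alg_end, 0x03)   # BIT STRING
    rsa, _ = der_open(spki, bitstr + 1, 0x30)   # RSAPublicKey, after unused-bits byte
    start, end = der_open(spki, rsa, 0x02)      # modulus INTEGER
    return int.from_bytes(spki[start:end], "big").bit_length()

def parse_txt(answer):
    """Join the quoted strings of one TXT answer and split it into DKIM tags."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', answer)
    record = re.sub(r"\\(.)", r"\1", "".join(chunks))
    return dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)

def audit_selector(answers, min_bits=1024):
    """answers: one string per TXT record, in the form dig +short prints them."""
    findings = []
    if len(answers) > 1:
        findings.append("%d key records for one selector" % len(answers))
    for answer in answers:
        bits = rsa_bits(base64.b64decode(parse_txt(answer)["p"]))
        if bits < min_bits:
            findings.append("%d-bit key: below verifier minimum" % bits)
        elif bits < 2048:
            findings.append("%d-bit key: verifies, 2048 recommended" % bits)
    return findings

def der(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_record(bits, split_at=None):
    # Constructed sample: valid DER framing around a made-up modulus, not a real key.
    rsa = der(0x30, der(0x02, b"\x00" + b"\xc3" * (bits // 8)) + der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    p = base64.b64encode(der(0x30, alg + der(0x03, b"\x00" + rsa))).decode()
    if split_at:  # long TXT data arrives as several quoted strings
        p = p[:split_at] + '" "' + p[split_at:]
    return '"v=DKIM1\\; t=s\\; p=%s"' % p
```

Calling `audit_selector([constructed_record(1024), constructed_record(2048, split_at=200)])` reproduces the situation in the dig output: one selector, a 1024-bit and a 2048-bit record, the longer one split across two quoted strings.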

Mark Rousell
2018-10-11 18:49:56 UTC
Post by Ralf Hildebrandt
Post by Mark Rousell
I am having problems signing up to the devel list via the web interface.
The webserver was configured to use https://, Mailman still had
DEFAULT_URL_PATTERN = 'http://...'
as well as
PUBLIC_ARCHIVE_URL = 'http://...'
I fixed that now.
Thank you!
--
Mark Rousell