Re: Weird messages from IETF/Google Mailservers (WG: PALS WG Adoption poll draft-schmutzer-pals-ple)

Tero Kivinen <kivinen@iki.fi> Thu, 01 June 2023 21:41 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-ID: <25721.4248.324176.572347@fireball.acr.fi>
Date: Fri, 02 Jun 2023 00:41:44 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: "Andrew G. Malis" <agmalis@gmail.com>
Cc: Loa Andersson <loa@pi.nu>, wgchairs@ietf.org
Subject: Re: Weird messages from IETF/Google Mailservers (WG: PALS WG Adoption poll draft-schmutzer-pals-ple)
In-Reply-To: <CAA=duU2o3Qn2f6MrAX4faDs4=-KVOqPm9R3w=MVPmRJ2s5Fq6A@mail.gmail.com>
References: <BEZP281MB2008B40D838DDC78B76B4DFA9849A@BEZP281MB2008.DEUP281.PROD.OUTLOOK.COM> <9bb42d57-1fd7-ddee-a451-53f3ad9f8fe4@pi.nu> <CAA=duU2o3Qn2f6MrAX4faDs4=-KVOqPm9R3w=MVPmRJ2s5Fq6A@mail.gmail.com>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 6 min
X-Total-Time: 7 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/wgchairs/2NbTDLjUEfnBFvKdB6kmAD6CZFM>

Andrew G. Malis writes:
> There's a difference between email sent to an IETF email list (which
> uses mailman to handle email authentication issues by acting as the
> email source) and to an IETF email expander like pals-chairs, which
> doesn't.
> 
> When you're using an email expander, the original source of the
> email doesn't change, which exposes the email to any issues the
> original sender of the email may have. In this case, the issue is
> that Google is rejecting the email to pals-chairs because
> the telecom.de domain apparently doesn't support DKIM or SPF. This
> is the same issue as pi.nu.

Gmail is just being gmail, and decided that it does not like the
message because of reasons it does not disclose.

At least the email N.Leymann@telekom.de sent to wgclist did have a
DKIM-signature (actually it had 3, one from telekom.de and two from
ietf.org, but those two were added because wgchairs is a mailing list
and does get different processing than aliases). And at least my own
machine did verify all of the DKIM signatures and they were valid. SPF
of course will always fail as the email went through another machine in
the middle (i.e. ietf.org).

I would have assumed that the original email did have a similar DKIM
signature (or perhaps they added support for DKIM between the error
message and the message to wgchairs).

I have noticed that even if you do have DKIM signatures gmail will
still claim you don't and will fail the message with this same error
message.

The N.Leymann@telekom.de email had this DKIM signature:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=telekom.de; i=@telekom.de; q=dns/txt; s=dtag1;
 t=1685610015; x=1717146015; h=from:to:subject:date:message-id:
 content-transfer-encoding:mime-version;
 bh=0Bs+x5myny2oj+qksvqz5G/kVnfxOs31iLC9um0E72I=;
 b=pRG7GjOOFxXYsXLb1R+TPdubajZg57EpzhedEx1R7/Qy+t4jKrNmetew
 cx1Nlpm2TCjzCjDn5X6QgZmr+LcLUWezOy9BDB/PANRAxwog5t65AQR1I
 0rYvCfR6jILJFvogLYIZ5oDJDitDNfb/+iiY/PumAKf3ngzSQ5cfvpZj4
 mUBhGQBYT4PdiiBckxwoAneq9TwQJ78NL8eCRaoJmDihk3solbg/F89NS
 TdycS0nhHvib44zjbYIoGghmPFbGgLC39ed691tbzNW8XMVLT/pv3P8uC
 dhzfp2P8/uoTxue4j9OK1FfNee0Mt8vD8CjIZojQ/l4URNy6fGpOQdVzI g==;

and at least my machine claimed it was valid:

Authentication-Results: fireball.acr.fi;
	dkim=pass (1024-bit key) header.d=ietf.org header.i=@ietf.org header.b=iJv4PSgb8WpqTIfvHatgsBBj+zp+T1ODGWogzIlB4BBTcN91Rc3QgEjSobKuqa4RQwtb9ay0OynCUYwNEjRDHDM++qXXz4gx3M9FIBEfB94R//h4ffM55KFsGwKt7SV1avpmvXtQ7FRh84CRGeex2Ec+a/TIVGq+i0XgE5Wqw28=;
	dkim=pass (1024-bit key) header.d=ietf.org header.i=@ietf.org header.b=iJv4PSgb8WpqTIfvHatgsBBj+zp+T1ODGWogzIlB4BBTcN91Rc3QgEjSobKuqa4RQwtb9ay0OynCUYwNEjRDHDM++qXXz4gx3M9FIBEfB94R//h4ffM55KFsGwKt7SV1avpmvXtQ7FRh84CRGeex2Ec+a/TIVGq+i0XgE5Wqw28=;
	dkim=pass (2048-bit key) header.d=telekom.de header.i=@telekom.de header.b=pRG7GjOOFxXYsXLb1R+TPdubajZg57EpzhedEx1R7/Qy+t4jKrNmetewcx1Nlpm2TCjzCjDn5X6QgZmr+LcLUWezOy9BDB/PANRAxwog5t65AQR1I0rYvCfR6jILJFvogLYIZ5oDJDitDNfb/+iiY/PumAKf3ngzSQ5cfvpZj4mUB
-- 
kivinen@iki.fi
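
Added example, not part of the original message or of any mail server's own code: Python that parses the tag list of the telekom.de DKIM-Signature quoted above, derives the DNS name a verifier queries for the public key, and reports which changes made by an intermediary fall inside the signed material. A host that only relays changes none of it, whereas SPF is evaluated against the relaying host itself. The bh= and b= values are placeholders and all function names are assumptions of this example.

```python
import re

# Tag values come from the telekom.de signature quoted in the message;
# bh= and b= are placeholders, because no cryptographic check is done here.
SAMPLE = """v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=telekom.de; i=@telekom.de; q=dns/txt; s=dtag1;
 t=1685610015; x=1717146015; h=from:to:subject:date:message-id:
 content-transfer-encoding:mime-version;
 bh=PLACEHOLDERBODYHASH=;
 b=PLACEHOLDER
 SIGNATURE==;"""

def parse_dkim_signature(value):
    """Parse an RFC 6376 tag=value list into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for item in filter(str.strip, unfolded.split(";")):
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or name in tags:
            raise ValueError(f"malformed or duplicate tag: {item!r}")
        tags[name] = val.strip()
    missing = [t for t in ("v", "a", "b", "bh", "d", "h", "s") if t not in tags]
    if missing:
        raise ValueError(f"missing required tags: {missing}")
    for name in ("b", "bh", "h"):  # whitespace in these is folding only
        tags[name] = re.sub(r"\s+", "", tags[name])
    tags["h"] = tags["h"].lower().split(":")
    return tags

def key_record_name(tags):
    """DNS name of the TXT record holding the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def tag_problems(tags, now):
    """Reasons a verifier can reject the signature before any crypto."""
    problems = []
    if "from" not in tags["h"]:
        problems.append("From header is not signed")
    d = tags["d"].lower()
    agent = tags.get("i", "@" + d).rpartition("@")[2].lower()
    if agent != d and not agent.endswith("." + d):
        problems.append("i= domain is outside d=")
    if "x" in tags and now >= int(tags["x"]):
        problems.append("signature expired (x=)")
    return problems

def broken_by(tags, modified_headers, body_modified=False):
    """Intermediary changes that would invalidate the signature (ignores l=)."""
    hits = [h for h in modified_headers if h.lower() in tags["h"]]
    return hits + (["body"] if body_modified else [])
```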