Open
Bug 807013
Opened 12 years ago
Updated 2 years ago
Use DKIM on mozilla's smtps
Categories
(Infrastructure & Operations :: Infrastructure: Mail, task)
Tracking
(Not tracked)
NEW
People
(Reporter: kang, Unassigned)
References
(Blocks 1 open bug)
Details
SPF bug: https://bugzilla.mozilla.org/show_bug.cgi?id=240169 it also includes some information about DKIM. This is the DKIM bug. Summary: Key should be 1024bit or higher (1024 recommended as higher may break some dns resolution of some MTAs) selectors may include the key generation date, so that we're able to refresh the key every X month. Different smtps may have different selectors (and thus keys), for example the smtp used by human users to send emails vs the smtps used by internal hosts to send emails
Updated•12 years ago
|
Assignee: server-ops-infra → limed
Updated•11 years ago
|
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations
Updated•11 years ago
|
Component: Infrastructure: Other → Infrastructure: Mail
QA Contact: jdow → limed
Comment 1•9 years ago
|
||
Is this something that will be easier for us to do, once we switch to Google Apps? :-)
Comment 2•9 years ago
|
||
(In reply to Ed Morley (moved to Treeherder) [:edmorley] from comment #1) > Is this something that will be easier for us to do, once we switch to Google > Apps? :-) It'll probably be harder because the mail coming out of apps will probably get signed by Google. But I don't know for sure, they might let us supply our own key in Enterprise Apps. Certainly something to check on.
Comment 3•9 years ago
|
||
I've just read up a bit more on this, and it appears that whilst you cannot specify your own key within Google Apps (https://support.google.com/a/answer/174126), you can have multiple DKIM keys specified in DNS, differentiated by TXT record name, and then the signed mail refers to which key should be used. So this should still be doable after all :-) See: http://dkim.org/specs/draft-ietf-dkim-deployment-11.html#rfc.section.4.1 http://www.dkim.org/info/dkim-faq.html#technical
Comment 5•9 years ago
|
||
(In reply to Ed Morley (away until 3rd Jan) [:edmorley] from comment #3) > I've just read up a bit more on this, and it appears that whilst you cannot > specify your own key within Google Apps > (https://support.google.com/a/answer/174126), you can have multiple DKIM > keys specified in DNS, differentiated by TXT record name, and then the > signed mail refers to which key should be used. So this should still be > doable after all :-) I used it for my own domain and it was nice. So ++ for enabling it in gapps.
Comment 6•9 years ago
|
||
Could we make this infra-group bug open or at least mozilla-employee? There's nothing confidential in it at the moment, and I imagine most work would occur in dep bugs. It's just I've linked to here from a Yammer thread, but only after realised that most people won't be able to view the bug.
Comment 7•9 years ago
|
||
Is this bug for both "enable DKIM on the Mozilla google apps account" and "enable DKIM on Mozilla's own SMTP server"? If we do the latter, does that cover bugzilla.mozilla.org bugmails too? The reason I'm interested in this bug is that to fix bug 1102364 and bug 1100476, we have to meet the Google requirements for using the action buttons, one of which is "emails are sent with SPF or DKIM enabled".
Updated•9 years ago
|
Group: infra
Comment 8•9 years ago
|
||
(In reply to Ed Morley [:edmorley] from comment #7) > Is this bug for both "enable DKIM on the Mozilla google apps account" and > "enable DKIM on Mozilla's own SMTP server"? If we do the latter, does that > cover bugzilla.mozilla.org bugmails too? > > The reason I'm interested in this bug is that to fix bug 1102364 and bug > 1100476, we have to meet the Google requirements for using the action > buttons, one of which is "emails are sent with SPF or DKIM enabled".
Flags: needinfo?(limed)
Updated•9 years ago
|
Flags: needinfo?(limed)
Updated•3 years ago
|
Assignee: limed → infra
QA Contact: limed → cshields
Updated•3 years ago
|
Assignee: infra → jhayashi
Updated•2 years ago
|
Assignee: jhayashi → infra
QA Contact: cshields
You need to log in
before you can comment on or make changes to this bug.
Description
•