Use DKIM on mozilla's smtps

NEW
Assigned to

Status

Infrastructure & Operations
Infrastructure: Mail
5 years ago
2 days ago

People

(Reporter: kang, Assigned: limed)

Tracking

(Blocks: 1 bug)

Details

SPF bug: https://bugzilla.mozilla.org/show_bug.cgi?id=240169  it also includes some information about DKIM.
This is the DKIM bug.  Summary:

Key should be 1024bit or higher (1024 recommended as higher may break some dns resolution of some MTAs)
selectors may include the key generation date, so that we're able to refresh the key every X month.
Different smtps may have different selectors (and thus keys), for example the smtp used by human users to send emails vs the smtps used by internal hosts to send emails

Updated

5 years ago
Assignee: server-ops-infra → limed
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations

Updated

5 years ago
Component: Infrastructure: Other → Infrastructure: Mail
QA Contact: jdow → limed

Comment 1

3 years ago
Is this something that will be easier for us to do, once we switch to Google Apps? :-)
(In reply to Ed Morley (moved to Treeherder) [:edmorley] from comment #1)
> Is this something that will be easier for us to do, once we switch to Google
> Apps? :-)

It'll probably be harder because the mail coming out of apps will probably get signed by Google.  But I don't know for sure, they might let us supply our own key in Enterprise Apps.  Certainly something to check on.

Comment 3

3 years ago
I've just read up a bit more on this, and it appears that whilst you cannot specify your own key within Google Apps (https://support.google.com/a/answer/174126), you can have multiple DKIM keys specified in DNS, differentiated by TXT record name, and then the signed mail refers to which key should be used. So this should still be doable after all :-)

See:
http://dkim.org/specs/draft-ietf-dkim-deployment-11.html#rfc.section.4.1
http://www.dkim.org/info/dkim-faq.html#technical

Comment 4

3 years ago
Or I could just have read comment 0 more thoroughly, oops.
(In reply to Ed Morley (away until 3rd Jan) [:edmorley] from comment #3)
> I've just read up a bit more on this, and it appears that whilst you cannot
> specify your own key within Google Apps
> (https://support.google.com/a/answer/174126), you can have multiple DKIM
> keys specified in DNS, differentiated by TXT record name, and then the
> signed mail refers to which key should be used. So this should still be
> doable after all :-)
I used it for my own domain and it was nice. So ++ for enabling it in gapps.

Updated

3 years ago
Blocks: 1081574

Comment 6

3 years ago
Could we make this infra-group bug open or at least mozilla-employee? There's nothing confidential in it at the moment, and I imagine most work would occur in dep bugs. It's just I've linked to here from a Yammer thread, but only after realised that most people won't be able to view the bug.

Comment 7

3 years ago
Is this bug for both "enable DKIM on the Mozilla google apps account" and "enable DKIM on Mozilla's own SMTP server"? If we do the latter, does that cover bugzilla.mozilla.org bugmails too?

The reason I'm interested in this bug is that to fix bug 1102364 and bug 1100476, we have to meet the Google requirements for using the action buttons, one of which is "emails are sent with SPF or DKIM enabled".
Blocks: 1102364, 1100476

Updated

3 years ago
Group: infra
No longer blocks: 1102364
No longer blocks: 1100476

Comment 8

3 years ago
(In reply to Ed Morley [:edmorley] from comment #7)
> Is this bug for both "enable DKIM on the Mozilla google apps account" and
> "enable DKIM on Mozilla's own SMTP server"? If we do the latter, does that
> cover bugzilla.mozilla.org bugmails too?
> 
> The reason I'm interested in this bug is that to fix bug 1102364 and bug
> 1100476, we have to meet the Google requirements for using the action
> buttons, one of which is "emails are sent with SPF or DKIM enabled".
Flags: needinfo?(limed)

Updated

3 years ago
Blocks: 1139840

Updated

3 years ago
Flags: needinfo?(limed)
Duplicate of this bug: 1142481
You need to log in before you can comment on or make changes to this bug.