Page MenuHomePhabricator

Figure out dkim for mailman3
Closed, ResolvedPublic

Description

https://wiki.list.org/DEV/DKIM

rOPUP9d709df21788: mailman: remove DKIM headers by @faidon. In mailman3 the config option is remove_dkim_headers.

We also need to generate a new key for lists-next as well.

Event Timeline

Change 674645 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[operations/puppet@production] mailman3: Configure DKIM

https://gerrit.wikimedia.org/r/674645

Change 674645 merged by Legoktm:
[operations/puppet@production] mailman3: Configure DKIM

https://gerrit.wikimedia.org/r/674645

Legoktm claimed this task.

in the private repo:

A	modules/secret/secrets/dkim/lists-next.wikimedia.org-wikimedia.key
A	modules/secret/secrets/dkim/lists-next.wikimedia.org-wikimedia.pub

then I ran: $ openssl rsa -in lists-next.wikimedia.org-wikimedia.key -pubout -outform der | openssl base64 -a to generate what goes into the DNS record:

km@cashew ~> dig wikimedia._domainkey.lists-next.wikimedia.org @ns0.wikimedia.org TXT

; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> wikimedia._domainkey.lists-next.wikimedia.org @ns0.wikimedia.org TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44742
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1024
; COOKIE: d9826f791c933637dc05c0c5e2c6b79a (good)
;; QUESTION SECTION:
;wikimedia._domainkey.lists-next.wikimedia.org. IN TXT

;; ANSWER SECTION:
wikimedia._domainkey.lists-next.wikimedia.org. 3600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSmtv2U8o3PXRWXE1wsp03lnCCfSHRGu3trO0Aexx6VEzXCn8LWpzYlgmZrCGFpr3YL8aBLQk+2za+YFlnwgc5Dio9VmgexObl+JnGtZuL8eJzfZaAmPZou7FiO51uE8QfnYixwbDuPDxaiIXxDdA7NWKnknzWsW3M+a8qS/uxLP98y/yJouY1b9t+9wVx0js" "K5WLLS3aAS+xgwnpI+WWAQFCR1HbOSGJnBWBO612CvrKRE52FaimHmZw+2IFvgzHtnNHmrb75uNNWK4HLi/HnpMOcSAmXXrhY1CbAbJYrGSCZpuepNiczw8O/z92SbodSNVT8RoudM+gHWq2zKCiQIDAQAB"

;; Query time: 167 msec
;; SERVER: 208.80.154.238#53(208.80.154.238)
;; WHEN: Wed Mar 24 13:53:56 PDT 2021
;; MSG SIZE  rcvd: 518