From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2E664C433F5 for ; Mon, 31 Jan 2022 07:35:29 +0000 (UTC) Received: from localhost ([::1]:34850 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nERDj-0006fG-S3 for qemu-devel@archiver.kernel.org; Mon, 31 Jan 2022 02:35:27 -0500 Received: from eggs.gnu.org ([209.51.188.92]:40548) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nEQke-0003Bo-5Y for qemu-devel@nongnu.org; Mon, 31 Jan 2022 02:05:32 -0500 Received: from rev.ng ([5.9.113.41]:42717) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nEQkZ-0003vf-0Y for qemu-devel@nongnu.org; Mon, 31 Jan 2022 02:05:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=rev.ng; s=dkim; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: In-Reply-To:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=AoXg/gzTVwldsn3GqtZw5pYgm3QUPJjnXfbatmXx9bc=; b=NuNV1O5SOx9oSNuh+t4R+DHCGK 5bdC5+Hv5kn1WRWwLQ5oh6jN0U3HkDg4foTy2CF7d4Z4D3QaObrEplRrhiNROkLvLufh8DsL5eDlq O5DQD28njk2MoqUnvorNpuy1bYXbZXoug6MUHy7pAB6Mc4d3tZ1EJm40Dw/zlJILMjuo=; Date: Mon, 31 Jan 2022 08:04:59 +0100 To: Philippe =?UTF-8?B?TWF0aGlldS1EYXVkw6k=?= via , Philippe =?UTF-8?B?TWF0aGlldS1EYXVkw6k=?= , Alex =?UTF-8?B?QmVubsOpZQ==?= Cc: Mark Cave-Ayland , Ross Lagerwall , Stefano Stabellini , =?UTF-8?B?Q8OpZHJpYw==?= Le Goater , Ed Maste , Thomas Huth , Michael Tokarev , "Daniel P . =?UTF-8?B?QmVycmFuZ8Op?=" , Li-Wen Hsu , Stefan Hajnoczi , Xiang Chen , Jonathan Cameron , Longpeng , Yifei Jiang , Vasilev Oleg , Anton Johansson , Michael Roth Subject: Re: [PATCH v6 0/7] tests: Refresh lcitool submodule & remove libxml2 Message-ID: <20220131080459.456a0b55@orange> In-Reply-To: References: <20220121154134.315047-1-f4bug@amsat.org> <87mtjle71g.fsf@linaro.org> <4dc22a36-52da-26fb-bf8e-5e27e91db359@amsat.org> <87ee4xdjjp.fsf@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=5.9.113.41; envelope-from=ale@rev.ng; helo=rev.ng X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Reply-to: Alessandro Di Federico From: Alessandro Di Federico via On Tue, 25 Jan 2022 11:59:38 +0100 Philippe Mathieu-Daud=C3=A9 via wrote: > I'm seeing the same issue with these domains since mid december: >=20 > ... > - rev.ng >=20 > ... > https://lore.kernel.org/qemu-devel/20220105185720.0d4fc159@orange/ > ... I've tried to look into this and it looks like our set up should be OK. We enabled SPF (i.e., a rule stating that only our mailserver can send e-mail with our domain in "From:") and DKIM (i.e., our mailserver signs certain portions of the e-mail). We also enabled DMARC which coordinates the two. Now, as far as I understand, mailing lists can either rewrite the "From" header (as qemu-devel does) or leave it as it is. In the latter situation, SPF will fail but DMARC should instruct MTAs to check DKIM, and that should pass. https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_inter= operate_with_DMARC.2C_what_should_I_do.3F DKIM signature can be corrupted in case the mailing list tampers with the subject or the body of the e-mail, but this doesn't seem to be the case: I've tried to manually verify the DKIM signature of the same e-mail that I got both from the mailing list and directly from the sender (I was in Cc), and they both verify correctly. tl;dr I *think* rewriting the From header should not be necessary for our domain. If you guys think this is not the case and there's something we can do to improve the situation (other than adding gmail.com to our SPF record), let me know. --=20 Alessandro Di Federico rev.ng Labs