From: Yu Kuai <yukuai3@huawei.com>
To: Jan Kara <jack@suse.cz>
Cc: <paolo.valente@linaro.org>, <tj@kernel.org>,
<linux-block@vger.kernel.org>, <cgroups@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <yi.zhang@huawei.com>,
Jens Axboe <axboe@kernel.dk>
Subject: Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion
Date: Tue, 7 Jun 2022 19:51:20 +0800 [thread overview]
Message-ID: <9a51c7b1-ba6c-0a56-85cf-5e602b9c6ec2@huawei.com> (raw)
In-Reply-To: <20220607095430.kac5jgzm2gvd7x3c@quack3.lan>
在 2022/06/07 17:54, Jan Kara 写道:
> On Tue 07-06-22 11:10:27, Yu Kuai wrote:
>> 在 2022/05/23 23:25, Jan Kara 写道:
>>> Hum, for me all emails from Huawei I've received even today fail the DKIM
>>> check. After some more digging there is interesting inconsistency in DMARC
>>> configuration for huawei.com domain. There is DMARC record for huawei.com
>>> like:
>>>
>>> huawei.com. 600 IN TXT "v=DMARC1;p=none;rua=mailto:dmarc@edm.huawei.com"
>>>
>>> which means no DKIM is required but _dmarc.huawei.com has:
>>>
>>> _dmarc.huawei.com. 600 IN TXT "v=DMARC1;p=quarantine;ruf=mailto:dmarc@huawei.com;rua=mailto:dmarc@huawei.com"
>>>
>>> which says that DKIM is required. I guess this inconsistency may be the
>>> reason why there are problems with DKIM validation for senders from
>>> huawei.com. Yu Kuai, can you perhaps take this to your IT support to fix
>>> this? Either make sure huawei.com emails get properly signed with DKIM or
>>> remove the 'quarantine' record from _dmarc.huawei.com. Thanks!
>>>
>>> Honza
>>>
>> Hi, Jan and Jens
>>
>> I just got response from our IT support:
>>
>> 'fo' is not set in our dmarc configuration(default is 0), which means
>> SPF and DKIM verify both failed so that emails will end up in spam.
>>
>> It right that DKIM verify is failed because there is no signed key,
>> however, our IT support are curious how SPF verify faild.
>>
>> Can you guys please take a look at ip address of sender? So our IT
>> support can take a look if they miss it from SPF records.
>
> So SPF is what makes me receive direct emails from you. For example on this
> email I can see:
>
> Received: from frasgout.his.huawei.com (frasgout.his.huawei.com
> [185.176.79.56])
> (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128
> bits))
> (No client certificate requested)
> by smtp-in2.suse.de (Postfix) with ESMTPS id 4LHFjN2L0dzZfj
> for <jack@suse.cz>; Tue, 7 Jun 2022 03:10:32 +0000 (UTC)
> ...
> Authentication-Results: smtp-in2.suse.de;
> dkim=none;
> dmarc=pass (policy=quarantine) header.from=huawei.com;
> spf=pass (smtp-in2.suse.de: domain of yukuai3@huawei.com designates
> 185.176.79.56 as permitted sender) smtp.mailfrom=yukuai3@huawei.com
>
> So indeed frasgout.his.huawei.com is correct outgoing server which makes
> smtp-in2.suse.de believe the email despite missing DKIM signature. But the
> problem starts when you send email to a mailing list. Let me take for
> example your email from June 2 with Message-ID
> <20220602082129.2805890-1-yukuai3@huawei.com>, subject "[PATCH -next]
> mm/filemap: fix that first page is not mark accessed in filemap_read()".
> There the mailing list server forwards the email so we have:
>
> Received: from smtp-in2.suse.de ([192.168.254.78])
> (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
> by dovecot-director2.suse.de with LMTPS
> id 8MC5NfVvmGIPLwAApTUePA
> (envelope-from <linux-fsdevel-owner@vger.kernel.org>)
> for <jack@imap.suse.de>; Thu, 02 Jun 2022 08:08:21 +0000
> Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20])
> by smtp-in2.suse.de (Postfix) with ESMTP id 4LDJYK5bf0zZg5
> for <jack@suse.cz>; Thu, 2 Jun 2022 08:08:21 +0000 (UTC)
> Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
> id S232063AbiFBIIM (ORCPT <rfc822;jack@suse.cz>);
> Thu, 2 Jun 2022 04:08:12 -0400
> Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56178 "EHLO
> lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by
> vger.kernel.org
> with ESMTP id S232062AbiFBIIL (ORCPT
> <rfc822;linux-fsdevel@vger.kernel.org>);
> Thu, 2 Jun 2022 04:08:11 -0400
> Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
> by lindbergh.monkeyblade.net (Postfix) with ESMTPS id
> 75DDB25FE;
> Thu, 2 Jun 2022 01:08:08 -0700 (PDT)
>
> and thus smtp-in2.suse.de complains:
>
> Authentication-Results: smtp-in2.suse.de;
> dkim=none;
> dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM"
> header.from=huawei.com (policy=quarantine);
> spf=pass (smtp-in2.suse.de: domain of
> linux-fsdevel-owner@vger.kernel.org designates 2620:137:e000::1:20 as
> permitted sender) smtp.mailfrom=linux-fsdevel-owner@vger.kernel.org
>
> Because now we've got email with "From" header from huawei.com domain from
> a vger mail server which was forwarding it. So SPF has no chance to match
> (in fact SPF did pass for the Return-Path header which points to
> vger.kernel.org but DMARC defines that if "From" and "Return-Path" do not
> match, additional validation is needed - this is the "SPF not aligned
> (relaxed)" message above). And missing DKIM (the additional validation
> method) sends the email to spam.
Thanks a lot for your analysis, afaics, in order to fix the
problem, either your mail server change the configuration to set
alignment mode to "relaxed" instead of "strict", or our mail server
add correct DKIM signature for emails.
I'll contact with our IT support and try to add DKIM signature.
Thanks,
Kuai
next prev parent reply other threads:[~2022-06-07 11:52 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 12:08 [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion Yu Kuai
2022-04-28 12:08 ` [PATCH -next v5 1/3] block, bfq: record how many queues are busy in bfq_group Yu Kuai
2022-04-28 12:45 ` Jan Kara
2022-04-28 12:08 ` [PATCH -next v5 2/3] block, bfq: refactor the counting of 'num_groups_with_pending_reqs' Yu Kuai
2022-04-28 12:08 ` [PATCH -next v5 3/3] block, bfq: do not idle if only one group is activated Yu Kuai
2022-05-05 1:00 ` [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion yukuai (C)
2022-05-14 9:29 ` yukuai (C)
2022-05-21 7:22 ` yukuai (C)
2022-05-21 12:21 ` Jens Axboe
2022-05-23 1:10 ` yukuai (C)
2022-05-23 1:24 ` Jens Axboe
2022-05-23 8:18 ` Yu Kuai
2022-05-23 12:36 ` Jens Axboe
2022-05-23 12:58 ` Yu Kuai
2022-05-23 13:29 ` Jens Axboe
2022-05-23 8:59 ` Jan Kara
2022-05-23 12:36 ` Jens Axboe
2022-05-23 15:25 ` Jan Kara
2022-05-24 1:13 ` Yu Kuai
2022-06-01 6:16 ` Jens Axboe
2022-06-01 7:19 ` Yu Kuai
2022-06-07 3:10 ` Yu Kuai
2022-06-07 9:54 ` Jan Kara
2022-06-07 11:51 ` Yu Kuai [this message]
2022-06-07 13:06 ` Yu Kuai
2022-06-07 20:30 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9a51c7b1-ba6c-0a56-85cf-5e602b9c6ec2@huawei.com \
--to=yukuai3@huawei.com \
--cc=axboe@kernel.dk \
--cc=cgroups@vger.kernel.org \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paolo.valente@linaro.org \
--cc=tj@kernel.org \
--cc=yi.zhang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).