From 5cabfd591b64db9422dcf8cbfd60b55818bfffbd Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Tue, 23 Feb 2016 09:52:10 -0500 Subject: [PATCH 1/2] (re-fix) mail sent from an address on a subdomain of a domain hosted by the box (a non-zone domain) would never be DKIM-signed because only zones were included in the openDKIM configuration, mistakenly This was originally fixed in 143bbf37f425c27632caced8998a3fdbf57a606d (February 16, 2015). Then I broke it in 7a93d219ef598d018676237c0eed7663123c4c07 (November 2015) while doing some refactoring ahead of v0.15. --- CHANGELOG.md | 1 + management/dns_update.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2cc3900..4b3f3f3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Mail: * Roundcube updated to version 1.1.4. * When there's a problem delivering an outgoing message, a new 'warning' bounce will come after 3 hours and the box will stop trying after 2 days (instead of 5). * On multi-homed machines, Postfix now binds to the right network interface when sending outbound mail so that SPF checks on the receiving end will pass. +* Mail sent from addresses on subdomains of other domains hosted by this box would not be DKIM-signed and so would fail DMARC checks by recipients, since version v0.15. Control panel: diff --git a/management/dns_update.py b/management/dns_update.py index d3ef2cbc..6f4de318 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -91,7 +91,7 @@ def do_dns_update(env, force=False): shell('check_call', ["/usr/sbin/service", "nsd", "restart"]) # Write the OpenDKIM configuration tables for all of the domains. - if write_opendkim_tables([domain for domain, zonefile in zonefiles], env): + if write_opendkim_tables(get_mail_domains(env), env): # Settings changed. Kick opendkim. shell('check_call', ["/usr/sbin/service", "opendkim", "restart"]) if len(updated_domains) == 0: 
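Review bot: In the CHANGELOG.md hunk of patch 1/2, the added Mail entry describes the bug but never says it is fixed, and the trailing "since version v0.15" reads as if it qualified the recipients' DMARC checks rather than the regression. Other entries in this file write "version 0.15" and close with "That's now fixed.", so consider wording such as "Since version 0.15, mail sent from addresses on subdomains of other domains hosted by this box was not DKIM-signed and so failed DMARC checks by recipients. That's now fixed."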
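Review bot: In the management/dns_update.py hunk of patch 1/2, the comment above the changed call still reads "for all of the domains", which does not say why the list has to come from get_mail_domains(env) rather than from zonefiles. The commit message records that this same line was fixed once and then broken again during a refactoring, and the diffstat shows no test added, so state in the comment that mail domains without their own zone must be included, and add a regression test asserting that such a subdomain is in the list passed to write_opendkim_tables. The hunk also shows no import change, so confirm get_mail_domains is already in scope in this module.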
From d880f088bec17d0b8093bcd05bd44042dabd0b85 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Tue, 23 Feb 2016 10:24:26 -0500 Subject: [PATCH 2/2] fix changelog description of a bug, see #725 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b3f3f3c..301f7c22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,7 +22,7 @@ System: * Backups to some AWS S3 regions broke in version 0.15 because we reverted the version of boto. That's now fixed. * On low-usage systems, don't hold backups for quite so long by taking a full backup more often. -* Nightly status checks might fail if any domains had non-ASCII characters. +* Nightly status checks might fail on systems not configured with a default Unicode locale. * If domains need a TLS certificate and the user hasn't installed one yet using Let's Encrypt, the administrator would get a nightly email with weird interactive text asking them to agree to Let's Encrypt's ToS. Now just say that the provisioning can't be done automatically. * Reduce the number of background processes used by the management daemon to lower memory consumption
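Review bot: In the CHANGELOG.md hunk of patch 2/2, the reworded System entry drops the non-ASCII domain condition entirely; if the nightly status checks only fail when a domain contains non-ASCII characters and the system has no default Unicode locale, keep both conditions in the entry so an administrator can tell whether their box was affected. The commit has no body, so a one-line explanation of what #725 established would make the reason for the rewording readable from the log alone.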