DKIM signature is not applyed to all system messagge

[morenonardelliunitn]

On our Sympa system we have activated and configured the DKIM and ARC signature as per the guide. The configurations are implemented at the subdomain in the various robot.conf files. However, we have noticed that some system messages are not signed with DKIM. The relationship found is that messages sent from an envelope from "[email protected]" are not signed while those with evelop from "[email protected]" are signed correctly

Version

Sympa 6.2.72

Installation method

rpm package on RHEL 8.7

Expected behavior

I expect Sympa to sign all its system messages

Actual behavior

At the moment this is not the case

Additional information

correct mail:

X-Envelope-From: <[email protected]>
DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelayserver.subdomain.it 4TgcVq5gbDzGnvn
Authentication-Results: mailrelayserver.subdomain.it;
	dkim=pass (1024-bit key, unprotected) header.d=domain.it [email protected] header.a=rsa-sha256 header.s=selector-domain.it header.b=BpsRzgAl
...
...
...
X-Authentication-Warning: server-domain.it: sympa set sender to [email protected] using -f
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=
	domain.it; h=content-transfer-encoding
	:content-type:date:from:message-id:mime-version:subject:to; s=
	selector-domain.it; bh=vzI0B6UdwhmsJdxw689mcswAEYENz0GFcbhOYg+mf
	Bk=; b=BpsRzgAl8Fcob8Aqi/scBCMkEZ0ucS06YaDFKjarzPGUR6/908IKWOH2u
	c4jHUfBwi2NBSxMpvNP8FoMqjYgUgar9DiLnUzxvKLlJGumhIcclq/p6oNVYkNcA
	G3LYzAbTexG5Hq5u1vWrkhBsUB90Wax1kEjvxSmcBCGs5YN4Ao=
Message-Id: <[email protected]>

From: "SYMPA" <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7BIT
Auto-Submitted: auto-generated
To: [email protected]
Subject: Results of your commands
X-Loop: [email protected]
X-Mailer: Sympa 6.2.72

wrong email:

ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 52.236.146.108 as permitted sender) [email protected]
Return-Path: <[email protected]>
Received: from mailrelayserver.subdomain.it (....)
        by mx.google.com with ESMTPS id m5-20020a056402430500b0056431b3a67esi1652554edc.268.2024.02.19.00.12.57
        for <[email protected]>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 19 Feb 2024 00:12:57 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 52.236.146.108 as permitted sender) client-ip=52.236.146.108;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 52.236.146.108 as permitted sender) [email protected]
X-Envelope-From: <[email protected]>
DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelayserver.subdomain.it 4TdZz82hjmzDq78
Received: from domain.it (list-mx.unitn.it [52.236.146.108]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailrelayserver.subdomain.it (Postfix) with ESMTPS id 4TdZz82hjmzDq78 for <[email protected]>; Mon, 19 Feb 2024 09:12:52 +0100 (CET)
Received: from domain.it (localhost [127.0.0.1]) by domain.it (8.15.2/8.15.2) with ESMTPS id 41J8CpQW1584876 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for <[email protected]>; Mon, 19 Feb 2024 09:12:51 +0100
DKIM-Filter: OpenDKIM Filter v2.11.0 domain.it 41J8CpQW1584876
Authentication-Results: domain.it; dkim=none
Received: (from sympa@localhost) by domain.it (8.15.2/8.15.2/Submit) id 41J8Cp1Q1584873 for [email protected]; Mon, 19 Feb 2024 09:12:51 +0100
X-Authentication-Warning: domain.it: sympa set sender to [email protected] using -f
Message-Id: <[email protected]>
Date: Mon, 19 Feb 2024 09:12:51 +0100
To: [email protected]
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: QUOTED-PRINTABLE
Auto-Submitted: auto-generated
From: [email protected]
Subject: Conferma cancellazione dalla lista 4test
X-Mailer: Sympa 6.2.72

[ikedas]

Hi @morenonardelliunitn ,

Please show us the steps to reproduce, i.e.:

• The configuration you added / updated,
• The steps you have taken to ensure that the message in question is transmitted.

[morenonardelliunitn]

Hi @ikedas
the DKIM configuration was carried out at the robot.conf level by:
in /etc/sympa/sympa.conf file inserting the following lines:
dkim_feature on
dkim_add_signature_to robot
dkim_signature_apply_on any

in every robot.conf files inserting the following lines:

dkim_private_key_path /etc/sympa/domain-keys/sub-domain.private
dkim_signer_domain sub.domain.it
dkim_selector selector-subdom

all files in the folder /etc/sympa/domain-kays/ are owned by the user sympa with 600 permission:
-rw------- 1 sympa sympa 887 Feb 3 2021 sub-domain.private

in the list has set custom messages for welcome or goodbye template.
These automatic communications occur from the sender [email protected] and are not signed by DKIM. (you can see a mail's header in the my previus second example)

Other communications such as those relating to errors carried out based on moderation operations which have the sender [email protected] are correctly signed DKIM (you can see a mail's header mail in the my previus first example)

[ikedas]

This issue is a duplicate of #1739 and will be fixed on the next release.
@morenonardelliunitn , thank you for reporting bug! This issue is closed.