Sympa uses the wrong domain for DKIM signature

[salaun-urennes1]

I noticed that when enabling DKIM signature on a SYmpa robot, signature uses the domain of another robot on my server. I tried to find out why with lots of traces on our production server. But in the end I gave up....really weird.

Version

6.2.48

Installation method

From sources

Expected behavior

Sympa should add a DKIM-Signature header starting with "v=1; a=rsa-sha256; c=relaxed; d=listes.univ-rennes1.fr".

Actual behavior

Sympa add a DKIM-Signature header starting with "v=1; a=rsa-sha256; c=relaxed; d=listes.ur1.fr".

Steps to reproduce

1. Add the following parameters to both robot.conf:

dkim_add_signature_to	robot,list
dkim_signature_apply_on	any
dkim_private_key_path	/data/sympa/etc/dkim_private_202201.pem
dkim_selector			sympa2022

2. systemctl restart httpd.service
3. send an email to [email protected]
4. check email recieved by one list member

Additional information

I added lots of traces to the code. Here is what I get in the log:

Jan 27 15:01:27 myserver sympa_msg[28336]: info Sympa::Spindle::ToList::_twist() Message Sympa::Message <[email protected]/shelved:dkim_sign> for Sympa::List <[email protected]> from hidden accepted (0.05 seconds, 1 sessions, 7 subscribers), message ID=61f2a5b4.vak5ejJ45LjlPA3p%[email protected], size=2060
Jan 27 15:01:28 myserver bulk[29241]: info Sympa::Tools::DKIM::get_dkim_parameters() listname=test ; robot=listes.univ-rennes1.fr
Jan 27 15:01:28 myserver bulk[29241]: info Sympa::Tools::DKIM::get_dkim_parameters() dkim signer_domain=listes.ur1.fr
Jan 27 15:01:28 myserver bulk[29241]: info Sympa::Spindle::ProcessOutgoing::_twist() dkim domain=listes.ur1.fr

At first sight I would say that Sympa initialized signer_domain list parameter with dkim_signer_domain robot parameter of the wrong robot.

But when checking list config from the web GUI, everything looks fine :

It could be the get_dkim_parameters() that uses the wrong primitives to access list configuration parameters...

Note that I also tried setting dkim_signer_domain in robot.conf, but same effect :-(

I can go on my investigations, but probably need some help to do so.

[ikedas]

Where have you configured the wrong domain listes.univ-rennes1.fr listes.ur1.fr ? sympa.conf or anywhere else?

[salaun-urennes1]

The only place where listes.ur1.fr is mentioned is /usr/local/sympa/etc/listes.ur1.fr/robot.conf. I double-checked and I am confident about that also because it's a vhost I added to the Sympa server for DKIM test purpose.

[salaun-urennes1]

Note that I initially copied/pasted from listes.ur1.fr/robot.conf to etc/listes.univ-rennes1.fr/robot.conf. I then fixed the dkim_signer_domain conf parameter in etc/listes.univ-rennes1.fr/robot.conf.

Maybe robot.conf.bin had kept the initial dkim_signer_domain conf parameter...
But then the web admin page should show me the wron signer_domain list parameter, isn't it?

[ikedas]

However sympa.conf.bin and robot.conf.bin have been removed (see #284).

[salaun-urennes1]

You're right, our robot.conf.bin have last been changed in 2018. Probably not the right track for our problem...

[ikedas]

Could you please check my feature request above and give suggestions?