Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2202012iof; Tue, 7 Jun 2022 23:04:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzzrK/VM+SFPt0Bf3QJj9P7ZMRGGjfd/ql+XqLc4VYKDN4o787tvp1TvDLBd5x2lBo2vsqN X-Received: by 2002:a17:90a:a002:b0:1e8:6ea3:849c with SMTP id q2-20020a17090aa00200b001e86ea3849cmr18825725pjp.179.1654668249748; Tue, 07 Jun 2022 23:04:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654668249; cv=none; d=google.com; s=arc-20160816; b=hbGJGEm4vMOmm6G0SyqSGJnTFsplYFEZH3HkevsNWfMnlKDEcWcAErtT+cKbv8A6ZG SNsyRQxQZNlCrMr4zLom8sUCE0XG1U/1wIqeLufVUdNeUq2m3u1FUFTpUU12nk4LrqwT o+aipoPT1ucLZ8EY5bdayE1QISin/nYB6RVwmZHTHDxbdIuxjoGjgsEBwuOfHOMoiMZN KsgIkhqIOUV0D8hlRChgvqooBNAJosvU7ehJB0okwE10Or977Vrf5pOBvPhlEpY5KqFF mUb2dpIr9KrPQjq5RplQuTvMP1ihSp4G6Kyb1uhZrjVvOnKBADON1BqKg6dWRZAGsUZa s2Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature; bh=S662GbsRJEF6AHR2EvNBu53yF5E9DczgAYsnFafgTMM=; b=ImDlRcS+/qEoU7og9YGg8yhDrtRcw8w7fZHOvyGv8gCz59Vr8Fe3/4v1eKzikpcro1 7RgFaOflQ2QdKj0FyCH9rQGsGhl6ad7G1iNgd9eAnsN6LRCaiwMLle8RCKovAz/VahLm 2OGIq0AHNHTVsWu1Bz69BFFpLHb1ySeXBL55ILlERPH+zXh0AqaA4VzSABJEAQHcMJli oIPDU7UfbbOQT7l8AShzLGvo5lPyWTUA/2Oi8gr8H9cjeAzBW+qJ5XnMlxiMGe3/r2J4 6JyogeU+speXcvicmWvi3WGL4GZJBrib/j/VyD7wGnyRIffjj+yVNwvJeetgtFys05B1 5++g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=y+HqAzNl; dkim=neutral (no key) header.i=@suse.cz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id y36-20020a056a001ca400b0051babb88d79si24101296pfw.277.2022.06.07.23.04.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jun 2022 23:04:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=y+HqAzNl; dkim=neutral (no key) header.i=@suse.cz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id BE3A32D2512; Tue, 7 Jun 2022 22:28:29 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243382AbiFHBVN (ORCPT + 99 others); Tue, 7 Jun 2022 21:21:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1447492AbiFGXG5 (ORCPT ); Tue, 7 Jun 2022 19:06:57 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B12CB30B6C7; Tue, 7 Jun 2022 13:37:58 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id BEA211F92D; Tue, 7 Jun 2022 20:30:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1654633808; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=S662GbsRJEF6AHR2EvNBu53yF5E9DczgAYsnFafgTMM=; b=y+HqAzNlLnb/PDQh+aDQgxfaXgDgFlpkBvWu4r6aN2XYXDxi3irQSc60/Y6dgoXm04rQFz sMIP6F+daG66o5WdjUGi8iXe0PX2bcB6wbrwQ2R2UcXjAnNoLODEBL5wUSyeLtPeK9WQ/b 3OsfhBPVSLIhjCFDsHZphJ5Ha5hkf30= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1654633808; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=S662GbsRJEF6AHR2EvNBu53yF5E9DczgAYsnFafgTMM=; b=TcXr8fp5++MDzVzG7XmA0OcwUhraygWKTXnVJ0DJDg28V6CTQfFJS6yQY+qyTnTVBROKFH KpQDy3na/34Y1jCw== Received: from quack3.suse.cz (unknown [10.163.28.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 9D1392C141; Tue, 7 Jun 2022 20:30:08 +0000 (UTC) Received: by quack3.suse.cz (Postfix, from userid 1000) id 251ABA0633; Tue, 7 Jun 2022 22:30:08 +0200 (CEST) Date: Tue, 7 Jun 2022 22:30:08 +0200 From: Jan Kara To: Yu Kuai Cc: Jan Kara , paolo.valente@linaro.org, tj@kernel.org, linux-block@vger.kernel.org, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, yi.zhang@huawei.com, Jens Axboe Subject: Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a specail occasion Message-ID: <20220607203008.nk4cpcny5sfl4am7@quack3.lan> References: <81411289-e13c-20f5-df63-c059babca57a@huawei.com> <55919e29-1f22-e8aa-f3d2-08c57d9e1c22@huawei.com> <20220523085902.wmxoebyq3crerecr@quack3.lan> <25f6703e-9e10-75d9-a893-6df1e6b75254@kernel.dk> <20220523152516.7sr247i3bzwhr44w@quack3.lan> <21cd1c49-838a-7f03-ab13-9a4f2ac65979@huawei.com> <20220607095430.kac5jgzm2gvd7x3c@quack3.lan> <9a51c7b1-ba6c-0a56-85cf-5e602b9c6ec2@huawei.com> <75ebf18b-0e21-3906-7862-6ca80b2f181d@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <75ebf18b-0e21-3906-7862-6ca80b2f181d@huawei.com> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue 07-06-22 21:06:55, Yu Kuai wrote: > 在 2022/06/07 19:51, Yu Kuai 写道: > > 在 2022/06/07 17:54, Jan Kara 写道: > > > On Tue 07-06-22 11:10:27, Yu Kuai wrote: > > > > 在 2022/05/23 23:25, Jan Kara 写道: > > > > > Hum, for me all emails from Huawei I've received even today > > > > > fail the DKIM > > > > > check. After some more digging there is interesting > > > > > inconsistency in DMARC > > > > > configuration for huawei.com domain. There is DMARC record > > > > > for huawei.com > > > > > like: > > > > > > > > > > huawei.com.        600    IN    TXT > > > > > "v=DMARC1;p=none;rua=mailto:dmarc@edm.huawei.com" > > > > > > > > > > which means no DKIM is required but _dmarc.huawei.com has: > > > > > > > > > > _dmarc.huawei.com.    600    IN    TXT "v=DMARC1;p=quarantine;ruf=mailto:dmarc@huawei.com;rua=mailto:dmarc@huawei.com" > > > > > > > > > > > > > > > which says that DKIM is required. I guess this inconsistency may be the > > > > > reason why there are problems with DKIM validation for senders from > > > > > huawei.com. Yu Kuai, can you perhaps take this to your IT > > > > > support to fix > > > > > this? Either make sure huawei.com emails get properly signed > > > > > with DKIM or > > > > > remove the 'quarantine' record from _dmarc.huawei.com. Thanks! > > > > > > > > > >                                 Honza > > > > > > > > > Hi, Jan and Jens > > > > > > > > I just got response from our IT support: > > > > > > > > 'fo' is not set in our dmarc configuration(default is 0), which means > > > > SPF and DKIM verify both failed so that emails will end up in spam. > > > > > > > > It right that DKIM verify is failed because there is no signed key, > > > > however, our IT support are curious how SPF verify faild. > > > > > > > > Can you guys please take a look at ip address of sender? So our IT > > > > support can take a look if they miss it from SPF records. > > > > > > So SPF is what makes me receive direct emails from you. For example > > > on this > > > email I can see: > > > > > > Received: from frasgout.his.huawei.com (frasgout.his.huawei.com > > >          [185.176.79.56]) > > >          (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 > > > (128/128 > > >          bits)) > > >          (No client certificate requested) > > >          by smtp-in2.suse.de (Postfix) with ESMTPS id 4LHFjN2L0dzZfj > > >          for ; Tue,  7 Jun 2022 03:10:32 +0000 (UTC) > > > ... > > > Authentication-Results: smtp-in2.suse.de; > > >          dkim=none; > > >          dmarc=pass (policy=quarantine) header.from=huawei.com; > > >          spf=pass (smtp-in2.suse.de: domain of yukuai3@huawei.com > > > designates > > >          185.176.79.56 as permitted sender) > > > smtp.mailfrom=yukuai3@huawei.com > > > > > > So indeed frasgout.his.huawei.com is correct outgoing server which makes > > > smtp-in2.suse.de believe the email despite missing DKIM signature. > > > But the > > > problem starts when you send email to a mailing list. Let me take for > > > example your email from June 2 with Message-ID > > > <20220602082129.2805890-1-yukuai3@huawei.com>, subject "[PATCH -next] > > > mm/filemap: fix that first page is not mark accessed in filemap_read()". > > > There the mailing list server forwards the email so we have: > > > > > > Received: from smtp-in2.suse.de ([192.168.254.78]) > > >          (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 > > > bits)) > > >          by dovecot-director2.suse.de with LMTPS > > >          id 8MC5NfVvmGIPLwAApTUePA > > >          (envelope-from ) > > >          for ; Thu, 02 Jun 2022 08:08:21 +0000 > > > Received: from out1.vger.email (out1.vger.email > > > [IPv6:2620:137:e000::1:20]) > > >          by smtp-in2.suse.de (Postfix) with ESMTP id 4LDJYK5bf0zZg5 > > >          for ; Thu,  2 Jun 2022 08:08:21 +0000 (UTC) > > > Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand > > >          id S232063AbiFBIIM (ORCPT ); > > >          Thu, 2 Jun 2022 04:08:12 -0400 > > > Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56178 "EHLO > > >          lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by > > >          vger.kernel.org > > >          with ESMTP id S232062AbiFBIIL (ORCPT > > >          ); > > >          Thu, 2 Jun 2022 04:08:11 -0400 > > > Received: from szxga02-in.huawei.com (szxga02-in.huawei.com > > > [45.249.212.188]) > > >          by lindbergh.monkeyblade.net (Postfix) with ESMTPS id > > >          75DDB25FE; > > >          Thu,  2 Jun 2022 01:08:08 -0700 (PDT) > > > > > > and thus smtp-in2.suse.de complains: > > > > > > Authentication-Results: smtp-in2.suse.de; > > >          dkim=none; > > >          dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" > > >          header.from=huawei.com (policy=quarantine); > > >          spf=pass (smtp-in2.suse.de: domain of > > >          linux-fsdevel-owner@vger.kernel.org designates > > > 2620:137:e000::1:20 as > > >          permitted sender) > > > smtp.mailfrom=linux-fsdevel-owner@vger.kernel.org > > > > > > Because now we've got email with "From" header from huawei.com > > > domain from > > > a vger mail server which was forwarding it. So SPF has no chance to match > > > (in fact SPF did pass for the Return-Path header which points to > > > vger.kernel.org but DMARC defines that if "From" and "Return-Path" do not > > > match, additional validation is needed - this is the "SPF not aligned > > > (relaxed)" message above). And missing DKIM (the additional validation > > > method) sends the email to spam. > > > > Thanks a lot for your analysis, afaics, in order to fix the > > problem, either your mail server change the configuration to set > > alignment mode to "relaxed" instead of "strict", or our mail server > > add correct DKIM signature for emails. > > > > I'll contact with our IT support and try to add DKIM signature. > > > > Thanks, > > Kuai > > Hi, Jan > > Our IT support is worried that add DKIM signature will degrade > performance, may I ask that how is your mail server configuation? policy > is quarantine or none, and dkim signature is supportted or not. The DMARC policy (relaxed / quarantine) is not configured on the side of the receiving mail server but on huawei.com side. As I wrote above it is this DMARC record in DNS of huawei.com domain that makes receiving mail servers refuse the email without DKIM signature (if SPF does not match): _dmarc.huawei.com.    600    IN    TXT "v=DMARC1;p=quarantine;ruf=mailto:dmarc@huawei.com;rua=mailto:dmarc@huawei.com" So if your IT admins do not want to introduce DKIM signatures on outgoing email, they should set policy to 'p=none' in the DMARC DNS record to tell that fact to receiving mail servers. Honza -- Jan Kara SUSE Labs, CR