[GIT PULL] arm64 updates 6.15-rc1

Stephen Rothwell sfr at canb.auug.org.au
Wed Mar 26 15:45:02 PDT 2025 

Hi Linus,

On Wed, 26 Mar 2025 10:25:22 -0700 Linus Torvalds <torvalds at linux-foundation.org> wrote:
>
> On Wed, 26 Mar 2025 at 10:11, Steven Rostedt <rostedt at goodmis.org> wrote:
> >
> > So it definitely goes through kernel.org.
> >
> > But it has no DKIM headers.  
> 
> Funky.
> 
> There's definitely something strange going on, because your *previous*
> email to me did have the DKIM signature:
> 
>   Received: by smtp.kernel.org (Postfix) with ESMTPSA id DF624C4CEE2...
>   DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;[..]
>   [...]
>   Date: Wed, 26 Mar 2025 12:40:25 -0400
>   Subject: Re: [GIT PULL] arm64 updates 6.15-rc1
>   Message-ID: <20250326124025.1966bf8a at gandalf.local.home>
> 
> and gmail was explicitly happy with it:
> 
>   ARC-Authentication-Results: i=1; mx.google.com;
>        dkim=pass [...]
> 
> but then this later one didn't:
> 
>   Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4CDA5C4CEE2...
>   [...]
>   Date: Wed, 26 Mar 2025 13:12:00 -0400
>   Message-ID: <20250326131200.1c86c657 at gandalf.local.home>
> 
> and for some reason gmail also didn't actually react to the lack of
> DKIM on that second one and only talks about how spf was fine.
> 
> Konstantin? Can you tell what's going on?

My understanding is this:

for normal SPF checks (i.e. not DMARC's SPF checks) the test is done on
the envelope sender and in Steve's case, goodmis.org DNS SPF record
says that anything from goodmis.org can come from the kernel.org
servers.  DMARC applies the SPF check to the From: header address.

for DKIM checks, the test is against the From: header address.  The
kernel.org servers can only sign emails that have a From header using a
kernel.org email address (or any other domain they have access to the
private DKIM keys for).  So they cannot sign emails that have a From:
header using a goodmis.org email address (presumably).

Presumably the SPF check passing is sufficient for the GMail servers.

DMARC requires that its SPF check or its DKIM check to pass.  (But
goodmis.org has no DMARC DNS record, while kernel.org does)
-- 
Cheers,
Stephen Rothwell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20250327/ed35edfd/attachment.sig>

More information about the linux-arm-kernel mailing list