Usermin's spf and dkim flagging of emails could be enhanced

[Stephano2000]

Usermin's flagging of emails with respect to spf and dkim (the popup when one clicks on the inverted arrow next to the sender name in the spam folder) could be enhanced:

dkim-signature is currently not visible when an invalid dkim signature is present. It is better if it is always displayed, and indicates whether a dkim signature is found or not, and in case it is there, whether it is valid or invalid.

Similarly for spf: spf record found or not, and matches or not

[jcameron]

Can you attach a screenshot of the popup you're seeing currently?

[Stephano2000]

Here are 3 different popups. There is no dkim status in the last two.

[iliajie]

There is no dkim status in the last two.

If you compare those two emails by viewing as a raw message, do you see DKIM signature in the two last message from the screenshot above? Is there a DKIM signature in the first one? Can we have a look at the headers of those 3 mentioned emails?

[Stephano2000]

Content analysis details:   (7.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.5 URIBL_DBL_MALWARE      Contains a malware URL listed in the Spamhaus
                            DBL blocklist
                            [URIs: marrugo.com]
 3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [88.209.253.213 listed in zen.spamhaus.org]
 0.1 URIBL_CSS_A            Contains URL's A record listed in the Spamhaus CSS
                            blocklist
                            [URIs: marrugo.com]
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                            blocked.  See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: marrugo.com]
 0.0 RCVD_IN_DNSWL_BLOCKED  RBL: ADMINISTRATOR NOTICE: The query to
                            DNSWL was blocked.  See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [88.209.253.213 listed in list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.3 HTML_IMAGE_ONLY_04     BODY: HTML: images with 0-400 bytes of words
 0.7 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.0 DC_PNG_UNO_LARGO       Message contains a single large png image

[iliajie]

I don't understand what you're trying to say. Sorry. I need to see the complete headers (in raw) of the email in question.

[Stephano2000]

I have listed spam assassin's results, which shows that the SPF passed, and DKIM is present and valid.
I was about to post similar info for the 2 other cases.

As for the headers, which ones do you need? Those on the spam page, or the original mail page?
In any case, some of the headers info must be redacted before posting, and hence you will not be able to verify DKIM validity.

[iliajie]

and hence you will not be able to verify DKIM validity.

I don't need to do it. The email should already include all information needed to make this check.

which shows that the SPF passed, and DKIM is present and valid.

Which is fine, right? It depends on the email message headers.

I still don't understand the problem we're solving here. If Usermin displays DKIM status incorrectly then it's a bug. But to know that, I need to see the screenshot of a popup and all actual email headers in raw.

[Stephano2000]

Email (redacted) headers:

Return-Path: 	<[email protected]>
X-Original-To: 	[email protected]
Delivered-To: 	"[email protected]"@mars.example.com
Authentication-Results: 	mars.example.com;dkim=pass (2048-bit key; unprotected) header.d=marrugo.com [email protected] header.a=rsa-sha1 header.s=dkim header.b=0QVsE0iP;dkim-atps=neutral
Received: 	from ernestine2265.marrugo.com (ernestine2265.marrugo.com [88.209.253.213])by mars.example.com (Postfix) with ESMTPS id 58A1040B19for <[email protected]>; Mon, 3 Apr 2023 03:38:15 +0000 (UTC)
DKIM-Signature: 	v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=marrugo.com;h=Content-Type:MIME-Version:Subject:To:From:Date:Message-ID; [email protected];bh=DskVhnS4zuPeVJ1JTfIWTmrdKyA=;b=0QVsE0iP/D8O6EEZHQazVd4RylVd33gt69/b5xMB17TKQ/xmZG6q4Cp4w2zXdpOprcQCzEN3KpjFp8PxepNnWodSkdm681df1cqe9lR7OvemeOyZ2p2SkzRySFUoybjHsE8kKN0ah2WXo6RapBOuSoHeexCKUdta9rb4MH2nglJHuZ96qJxpdRP0bwENu5woJJLZQ0CILd3tZiIh9kR9GefT/PYunTRYr8KfySGGe5AIq/w2sFbeaS0/kEHPlp7KKtOAEv2nD5bO00s0JDnHu1+MEa2m91dtRi9qxbYLKGAAjCED3BcJrpMjz4x3YsWFRiL3tAi3JDxn++fq/dHQ8w==
DomainKey-Signature: 	a=rsa-sha1; c=nofws; q=dns; s=dkim; d=marrugo.com;b=Xm0ml7Tz0bPQgAaLYHpc8aTDJG8/ssfDk4dEXaSpMqLb0VF1vBRnRU1KMwTgIvV6YHiQgNwasEvdUIRAFFw8LpyA2xCdyog0M0L5XUkvtY0J4upOmQXhYRlWS6YqUFt7U23pUwvh/OzniysvSYuCe+emWbYgOBI4ROtnSyOQZ1Jf1SeMtmWefdd+f83v/5+e+e3iA04wnCOzaBppiCUiSjSc9fMTT62zL3Jx2nWKvi4Xjl3WjKwz/3m3vf+4ni3DNE2mNZx6PYXuhqaogYblcKMT7ajGfkEbqnkBqxF4SSiPKbx37QzeA4++ipiUAz/O8bbX4KL1MANxOe8ZfIbwRw==;
Content-Type: 	multipart/mixed; boundary="===============1548607889=="
MIME-Version: 	1.0
Subject: 	DHL Express - Shipment Notification
To: 	[email protected]
From: 	"DHL Express" <[email protected]>
Date: 	Mon, 03 Apr 2023 05:38:13 +0200
Message-ID: 	<[email protected]>

[iliajie]

I think it's rather a feature than a bug. Google Mail does the same. It doesn't say anything about the signature if it's not present. However, I think that you're right, it's better to always show signed-by field.

Check this patch, does it solve your problem?

[Stephano2000]

Just to understand, what does a green check mark or a red X supposed to mean for spf and dkim? present/notpresent, or valid/invalid? Then i will be able to re-evaluate the other emails.

In the case of this email (#95 (comment)), it was the other way round as the mail has a dkim signature, but Usermin didn't show the dkim status.

However i won't be able to check the patch as this email is on a production machine. I will see if i can setup a test server and attract spam in order to test the patch :)

[iliajie]

Alright, please give it a try on a test server and let me know what you find out.

[Stephano2000]

Alright, please give it a try on a test server and let me know what you find out.

I will. However i need to know the expected behavior to be able to spot drifts: What does a green check mark or a red X supposed to mean for spf and dkim? present/notpresent, or valid/invalid, or some combination?

What's the recommended way to install Virtualmin from github master?

[iliajie]

What does a green check mark or a red X supposed to mean for spf and dkim?

Currently, green means passed and red can mean failed/missing.

What's the recommended way to install Virtualmin from github master?

Never do that. Always use automated installer - https://www.virtualmin.com/download/.

[Stephano2000]

What does a green check mark or a red X supposed to mean for spf and dkim?

Currently, green means passed and red can mean failed/missing.

Great!

What's the recommended way to install Virtualmin from github master?

Never do that. Always use automated installer - https://www.virtualmin.com/download/.

Let me rephrase my question:
How can i make a fresh install using the automated installer, but benefiting from all the patches that haven't been released in the stable package?
Would this do it:

# wget -O virtualmin-install.sh https://raw.githubusercontent.com/virtualmin/virtualmin-install/master/virtualmin-install.sh
# /bin/sh virtualmin-install.sh

[iliajie]

You cannot have all the latest patches applied like that. You could try nightly builds of Webmin and Usermin thought.