Enable DKIM for 3rd-party WordCamp emails

Since February 1, 2024, Gmail and Yahoo have implemented new requirements for email senders to protect users’ inboxes from spam more effectively while ensuring legitimate emails are received.

As y’all know, Google and Yahoo have changed how they handle non-authenticated emails. While emails we send are likely to have proper authentication in place, emails sent from 3rd-parties don’t.

Some 3rd-party tools can use the Gsuite account for emails (Freescout & HelpScout for example). Other tools, such as Mailchimp, Active Campaign, Brevo, and a long list of others don’t support it.

Mailchimp is currently enabled for DKIM, as it’s used for the main Central account – and as I’ve just found out, as long as you can receive email for an email address, any WordCamp can use that verification; so any WordCamp using Mailchimp is fine.

Active Campaign is used (at least) by WordCamp Asia, this requires adding additional DKIM keys and a CNAME to verify the domain ownership.

acdkim1._domainkey.wordcamp.org CNAME dkim.acdkim1.acems1.com
acdkim2._domainkey.wordcamp.org CNAME dkim.acdkim2.acems1.com

em-3501330.wordcamp.org CNAME cmd.emsend1.com

Brevo is currently used by (at least) WordCamp Europe. Similar to above, it requires the DKIM records and an ownership verification record.

Unfortunately these do not use CNAMEs and require TXT records be added:

wordcamp.org TXT brevo-code:[pixelated-text]
mail._domainkey.wordcamp.org TXT k=rsa;[pixelated-text]

(@casiepa can you let me know the actual values for these? I can only find pixelated images)

I don’t know how to handle this going forward; especially in the case of the above which may require ownership verification from future WordCamps, I’m almost certain the above authentication steps won’t work for future camps.

If systems have any objections to enabling DKIM and ownership verifications of the domain for WordCamps, let us know and we’ll discuss if there’s an alternative. At present it doesn’t appear there are many other options, aside from requiring WordCamps to use a limited selection of tools, or to use 3rd-party domains (such as team@wc{city}.org).

Regional WordCamps (Asia, Europe, and US) get special treatment however in this regard; so I assume enabling DKIM is going to be possible.

#wordcamp #email #prio1 #dns

Add redirect for Google Fonts JSON file

We are currently hosting the Google Fonts JSON file for the new Font Library feature on the wordpress.org CDN. In order to work around the caching issues with the wordpress.org CDN, would it be possible to create a redirect from a specific fonts wordpress.org subdomain to a JSON file hosted on the wordpress.org CDN?

This would allow the Google Fonts JSON file to be updated without the need to invalidate CDN cache.

For example, https://fonts.wp.org/6.5/google-fonts.json would point to => https://s.w.org/images/fonts/17.7/collections/google-fonts-with-preview.json. Then, if needed, the same URL could be updated to point to a different Gutenberg version of the file, e.g. https://s.w.org/images/fonts/17.8/collections/google-fonts-with-preview.json.

#prio1

Reprovision wp.org Sandbox for VS Code 1.86

Same issue as: https://make.wordpress.org/systems/2024/02/07/reprovisioned-sandbox-for-vs-code-1-86/

I want to run VSCode 1.86 and the newest versions of wordpress/scripts which currently throw:

Warning: Missing GLIBCXX >= 3.4.25! from /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
Warning: Missing GLIBC >= 2.28! from /lib/x86_64-linux-gnu/libc-2.24.so

I’ve deleted everything of meaning from the sandbox. Feel free to reprovision as soon as you are ready.

Thanks.

#prio1 #sandbox

[Edit Feb 27] Flipped this to #prio1 as I would ideally have it in place before WordCamp Asia Contributor Day on March 7 since I’m a table lead.

Reprovisioned Sandbox for VS Code 1.86

I’m unable to use VS Code with Remote SSH to access my sandbox (adamwood.dev.ord.wordpress.org) with the new 1.86 version due to updated requirements, namely Linux distributions based on glibc 2.28 or later, and glibcxx 3.4.25 or later, such as Debian 10, RHEL 8, or Ubuntu 20.04.

As a workaround I have installed 1.85 and disabled updates as suggested, but this obviously isn’t satisfactory long term.

I understand it’s possible to have my sandbox reprovisioned to meet these requirements. I have backed up my customisations, so I’d like to request that you go ahead with this please.

#prio1 #sandbox

Add redirect for Font Collection JSON schema

I would like to request a new JSON schema file redirect, in line with theme.json and block.json, as discussed in this post.

As part of the new Font Library, there is a new JSON schema for defining font collections. There is more information in this PR.

The new redirect would be for:

https://schemas.wp.org/trunk/font-collection.json => https://raw.githubusercontent.com/WordPress/gutenberg/trunk/schemas/json/font-collection.json

This should be similar to how the theme.json and block.json redirects have been set up.

Thank you!

#prio1

Email rejected as ‘high probability of spam’

There have been multiple reports over the last few weeks of emails from Gsuite being rejected due to the below details; I’ve been unable to verify it from a Gsuite account.

The response from the remote server was:
554 5.7.1 High probability of spam

Here’s one example of it, including the full email headers of the rejection:
https://wordpress.slack.com/archives/C02QB8GMM/p1704295191477689

#email #prio1

Help Scout DKIM update

Hi, we got the following email from Help Scout. I’m not sure if it applies to both of our instances, or only one of them. The records need to be updated by October 16th.

As of October 16th, 2023 we will no longer be relying on SPF authentication tied to your domain when using Help Scout servers to send email as your custom email address. We are moving to a method with a focus on DKIM instead, to both modernize our infrastructure and align with industry best practices.

You’re receiving this message because your domain(s) currently has a DMARC record set to p=reject, but does not have the CNAME records to allow DKIM authentication for emails sent from Help Scout. If you do not take action before we make these changes, emails you send from Help Scout will be rejected by many email servers as they will no longer be DMARC aligned.

To continue using Help Scout servers to send emails as your domain, you’ll need to create a couple of CNAME records at the DNS provider for your domain so that recipient servers can authenticate the DKIM signature on emails you send from Help Scout.

You’ll need two CNAME records:

strong1._domainkey.[yourdomain] should point to strong1._domainkey.helpscout.net
strong2._domainkey.[yourdomain] should point to strong2._domainkey.helpscout.net

Our article Use DKIM to Help With Email Deliverability has a bit more information if you need it.

Alternatively, you may choose to set up your Help Scout mailbox to connect to your email provider to send email, instead of sending from our servers. You do not need to make changes to your DNS records if you choose to change the sending method.

Our article Outgoing Email Settings explains a bit more about the different options and has links to help with setting up the connection to your provider.

#prio1
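The lookup and alignment step that the DKIM records in this post and in the WordCamp DKIM post above exist to satisfy, as an added example (not code from Help Scout or WordPress.org). It assumes the vendor signs with `d=` set to the customer domain; `example.org`, the key value and the signature headers are constructed, and no signature is cryptographically verified.

```python
import re

def parse_tags(value):
    """Parse a DKIM 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def resolve_txt(name, zone, max_hops=5):
    """Follow CNAMEs in the zone dict until a TXT record is reached."""
    for _ in range(max_hops):
        rtype, data = zone.get(name.lower().rstrip("."), (None, None))
        if rtype == "TXT":
            return data
        if rtype != "CNAME":
            return None
        name = data
    return None

def check_dkim_leg(from_domain, dkim_signature, zone):
    """Report the key lookup and relaxed alignment for one DKIM-Signature."""
    sig = parse_tags(dkim_signature)
    d, s = sig.get("d", ""), sig.get("s", "")
    qname = f"{s}._domainkey.{d}"
    key = resolve_txt(qname, zone)
    key_found = bool(key and parse_tags(key).get("p"))  # empty p= is a revoked key
    aligned = org_domain(d) == org_domain(from_domain)
    return {"query": qname, "key_found": key_found, "aligned": aligned,
            "usable_for_dmarc": key_found and aligned}

# Constructed sample data: example.org stands in for [yourdomain]; key is a placeholder.
VENDOR = {"strong1._domainkey.helpscout.net": ("TXT", "v=DKIM1; k=rsa; p=PLACEHOLDERKEY")}
ZONE_WITH_CNAME = dict(VENDOR, **{
    "strong1._domainkey.example.org": ("CNAME", "strong1._domainkey.helpscout.net")})
SIG_OWN = "v=1; a=rsa-sha256; d=example.org; s=strong1; bh=...; b=..."
SIG_VENDOR = "v=1; a=rsa-sha256; d=helpscout.net; s=strong1; bh=...; b=..."

if __name__ == "__main__":
    for label, sig, zone in [("CNAME published", SIG_OWN, ZONE_WITH_CNAME),
                             ("CNAME missing", SIG_OWN, VENDOR),
                             ("vendor-domain signature", SIG_VENDOR, VENDOR)]:
        print(label, check_dkim_leg("example.org", sig, zone))
```

Only the first case gives a DKIM result that DMARC can use: without the CNAME the receiver finds no key, and a signature under the vendor's own domain verifies but is not aligned with the From domain.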

events.wordpress.org served by wordcamp.org

Hi, the Community team would like to start using the events.wordpress.org domain for a new series of events. They’ll need many of the same tools as WordCamps, so the Meta team would like to use the wordcamp.org server to host the domain.

Can you please set up DNS, nginx, SSL, etc. to support that? I assume it’d be similar to what was needed to add buddycamp.org.

For SSL, we’re not planning to use any 4th-level domains, only events.wordpress.org/.... So I assume the wordpress.org wildcard is all that’s needed?

They’d like to launch the first one around the end of the month. @vnsavage, if you have time to do this in the next ~4 business days that would help us make that deadline, but I understand if not.

Thanks!

cc @dd32

#prio1

GitHub SSH host key update – SVN-Git sync

https://github.com/WordPress/wordpress-develop and the Security mirror aren’t being pushed when an SVN commit is made – this started happening when GitHub rotated its host key.

https://github.com/WordPress/wordpress-develop is still receiving commits, as GitHub is pulling them from git://develop.git.wordpress.org/ every 15-20 minutes, but we need to push them in order for GitHub actions to work.

https://github.com/WordPress/WordPress has also ceased syncing, and it appears not to be managed by Systems, and likely to be managed by @markjaquith who has the same GitHub host key issue. We should migrate this from Mark’s account to something Systems managed. I’m not sure how best to do that however, as the Git commit hashes do not match git://core.git.wordpress.org/, it uses a different branch naming (master, and branch-X.Y)

cc @sergeybiryukov

#svn #git #github #prio1

Upgrade TracWPCookies plugin

tl;dr: Please upgrade Trac to run: 0.2-transitional – Supports existing cookies, and future session cookies. diff .zip. A second request will be made to upgrade to 0.2.

Currently WordPress.org doesn’t use WordPress Sessions, this was for two reasons: 1) bbPress 1.x, 2) Trac

We no longer have any bbPress 1.x installations present requiring authentication, leaving Trac as the only barrier to enabling the usage of it on WordPress.org infrastructure.
Current 2FA work will require sessions in order to keep track of the authentication type and time since last-2fa-challenge.

WordPress uses user_meta to store the Sessions by default, but that’s not ideal for our usage (primarily due to PHP Serialized arrays needing decoding by trac python), so I’ve adopted the same table structure used on WordPress.com for user sessions – wp_user_sessions

Here are two versions of the plugin, and a diff (GitHub PRs) from present for code/security review if wanted.

  • 0.2 – Supports user cookies with session tokens only diff .zip
  • 0.2-transitional – Supports existing cookies, and future session cookies. diff .zip

Installation steps:

  • Define wp_user_sessions = wporg_user_sessions in the [wordpress] section of the existing Trac config.
  • Remove existing 0.1 version of the plugin.
  • Install 0.2-transitional. Existing cookies should continue to work.

At a future date when Session support has been enabled permanently on WordPress.org:

  • Remove 0.2-transitional and replace with 0.2
  • Existing cookies at that time should be all with Sessions, and so they’ll continue to work. Older session-less cookies will no longer pass auth.

Implementation notes:

  • The auth_salt and auth_key do not need to be updated during this process, as the tokenised cookies simply add an extra token value.
  • The cookie names will remain the same to avoid any other systems-related changes needing to be made.
  • The SQL introduces a join to an additional table for sessions, a const index is used.
  • The WordPress wp_user_session code is here: https://github.com/WordPress/wporg-mu-plugins/pull/345 (It’s WordPress 6.2+, Includes memcache, is based off the WordPress.com implementation)
  • I have tested this on my own Trac + WordPress install, using both wp_user_sessions and no-session cookies.

#auth, #prio1, #trac
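The difference between the transitional and session-only validation described in this post, as an added sketch (not the TracWPCookies plugin's code). The cookie layout `user|expiration[|token]|mac`, the single-key HMAC, the SHA-256 token verifier and the in-memory `SESSIONS` dict standing in for the sessions table are all assumptions made for illustration.

```python
import hashlib, hmac, time

SECRET = b"constructed-key-and-salt"  # stands in for auth_key + auth_salt
# Stand-in for the sessions table: user -> set of sha256(token) verifiers.
SESSIONS = {"alice": {hashlib.sha256(b"tok-1").hexdigest()}}

def _mac(fields):
    return hmac.new(SECRET, "|".join(fields).encode(), hashlib.sha256).hexdigest()

def make_cookie(user, expiration, token=None):
    """Build a cookie; with no token it is the older session-less form."""
    fields = [user, str(expiration)] + ([token] if token else [])
    return "|".join(fields + [_mac(fields)])

def validate_cookie(cookie, transitional, now=None):
    """Return the user name for a valid cookie, else None."""
    now = time.time() if now is None else now
    parts = cookie.split("|")
    if len(parts) == 4:                      # tokenised cookie
        fields, mac = parts[:3], parts[3]
    elif len(parts) == 3 and transitional:   # session-less cookie, transitional only
        fields, mac = parts[:2], parts[2]
    else:
        return None
    # The MAC covers the token, so a token cannot be stripped to downgrade a cookie.
    if not hmac.compare_digest(mac.encode(), _mac(fields).encode()):
        return None
    user, expiration = fields[0], fields[1]
    if not expiration.isdecimal() or int(expiration) < now:
        return None
    if len(fields) == 3:
        # A token counts only while its verifier is still in the session store,
        # which is what lets a session be revoked before the cookie expires.
        verifier = hashlib.sha256(fields[2].encode()).hexdigest()
        if verifier not in SESSIONS.get(user, set()):
            return None
    return user
```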