On Sun, 2021-04-11 at 04:13 +0200, Thomas Bohl wrote: > Hello, > > > In the filter-dkimsign readme I suggest to use 2048 and I stand by it. > > Thanks for mentioning and coding filter-dkimsign! Somehow I was unaware > of it. I used rspamd just for DKIM. Which is overkill. The daemon racks > up nearly 28000 daily DNS requests to free services (like dnswl.org, > senderscore.com, spamhaus.org etc.) just by running. (I didn't use it as > an inbound filter. I overwrote rbl.conf. I have no clue what it is > doing.) So I switched to filter-dkimsign.
Glad you like it. > > I also switched to a 2048 bits key. Which looks good so far. Ironically > only dkimvalidator.com had a problem verifying until I relaxed the > canonicalization algorithms. That´s weird. I just tested this with simple/simple, relaxed/simple, relaxed/relaxed and simple/relaxed, all with a 2048 bits key, but all my messages got accepted. Can you reproduce this issue and share me the content of the mail (ncluding headers) that had the issue? > (Other tests like mail-tester.com or github.com/lieser/dkim_verifier had > no problem with it being simple.) > Cool, it´s always good to hear from more test-cases. martijn@
