On 2/1/26 07:54, Sagar Acharya wrote:
> Done. Thanks folks. The filter is a fantastic tool. I thank Martijn for this
> fantastic tool. Appreciate it.
>
> I must say, I was unable to add the RSA keys to the DNS. I had to use
> ed25519. The zonefile threw up invalid TXT record error for the default key
> generating tool.
RSA keys likely have to be split over multiple character-strings inside
the RR. See RFC1035 section 3.3, and RFC6376 section 3.6.2.2. How these
are split over multiple character-strings is dependent on how you host
your domain. In my experience most web-based hosters do the splitting for
you.
I'm not fully aware of the current situation, but a couple of years ago
most implementations didn't support ed25519, and I had to go out of my
way to find an implementation to test my code against. So if you want to
do just ed25519 signing, make sure that you test it against the
verifiers that are important to you. Double signing shouldn't be an
issue.
>
> Is the current mail header dkim signed?
By the looks of it, it is not. You can easily test this by sending a
mail to yourself and looking at the headers. It should look something
like:
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=deathstar; bh=KqZcBlduv1
kUJT1TkxG2kVQGBgiiVZbKVoNaK70AGjM=; h=in-reply-to:from:references:to:
subject:date; d=imperialat.at; b=NIgywDXcoDtWyaKV+qxOspP78fQSJIG3UESL5
/RSwpxzVtgf/f3YM1w5EkJEK9zr86ZYMwVo1nCy26wzScq8ocCNRDJdDQjiCI4DT+X9Kg9
6V63b9NZ1v8h8GsokWb7mpzo3dTwgmYjg6DrGahNFB0Kd0ZQUZ23b+NG353jYRgLRfdfxI
Sc5dDlUoVTOzF7crc+6/E+4cx6iv4gHRNpjcj2ITVDLA2T05AW1r8Q+AgFicRE28sPCVpU
Ru28k+ERx8K7xFYRcmItcGRa2XlQY+AQpBRGd72806Mw8lCd7TVp8Q/Zmcko1QThATi1DW
VTeEE345iBENWZiFFJ2NWc1yA==
Did you make sure you assigned the filter to the listen statement on which
you submitted your mail? If you think you set up everything correctly and
can't find what's going wrong: feel free to send your configuration, and
how you submit your mail to opensmtpd for relaying.
>
> On 1 फरवरी 2026 3:23:22 am IST, Martijn van Duren
> <[email protected]> wrote:
>> And a quick search on https://pkgs.alpinelinux.org shows me that armv7
>> packages are available. So you can just install those
>>
>> On 1/31/26 22:38, Martijn van Duren wrote:
>>> Not a user of Alpine, so no clue what they package for which arch. But
>>> repositories can be found here[0], and (recent) release tarballs can be
>>> found here[1].
>>>
>>> [0] https://src.imperialat.at/
>>> [1] https://src.imperialat.at/releases/
>>>
>>> On 1/31/26 07:43, Sagar Acharya wrote:
>>>> Filter is the right way to do it. Do you have a tarball? I am on armv7 so
>>>> I cannot use x86 package.
>>>>
>>>> I already have the keys. I just need some minimal signing. rspamd is too
>>>> heavy, I am trying to get things running.
>>>>
>>>>
>>>> On 31 जनवरी 2026 10:45:19 am IST, Martijn van Duren
>>>> <[email protected]> wrote:
>>>>> You can disable modules by setting `enabled = false` inside
>>>>> local.d/modulename.conf[0]. But especially if you just want DKIM
>>>>> signing, or just a specific subset of features that diverges too far
>>>> >from rspamd's defaults it gets really unwieldy. Then again, as the
>>>>> author of filter-dkimsign I am a bit biased. :-)
>>>>>
>>>>> And if you want a nice package... filter-dkimsign is also packaged
>>>>> on alpine[1]. It even looks like they made their own dkimsign-genkey
>>>>> script which puts my instructions for the OpenBSD package as mentioned
>>>>> by noodle into code.[2]
>>>>>
>>>>> martijn@
>>>>>
>>>>> [0] https://docs.rspamd.com/faq/#how-do-i-disable-a-module
>>>>> [1]
>>>>> https://pkgs.alpinelinux.org/package/edge/community/x86_64/opensmtpd-filter-dkimsign
>>>>> [2]
>>>>> https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/opensmtpd-filter-dkimsign/dkimsign-genkey
>>>>>
>>>>> On 1/31/26 05:51, Sagar Acharya wrote:
>>>>>> I am using rspamd. What is the way to use it just to sign the dkim and
>>>>>> leave the rest features?
>>>>>>
>>>>>> There is a nice package for OpenSMTPD on Alpine for it.
>>>>>>
>>>>>> On 30 जनवरी 2026 11:32:40 pm IST, [email protected] wrote:
>>>>>>> Quoth Sagar Acharya <[email protected]>:
>>>>>>>> What is the best way to setup DKIM for OpenSMTPD? GMail requires all
>>>>>>>> mail domains to have DKIM.
>>>>>>>>
>>>>>>>> Is it necessary in your view?
>>>>>>>
>>>>>>> Yup, PTR, SPF, DKIM, and DMARC are the bare minimum needed to not get
>>>>>>> blocked by Big Mail™. I use the opensmtpd-filter-dkimsign OpenSMTPD
>>>>>>> filter to sign my outgoing mails. The readme[1] it installs should
>>>>>>> explain how to set it up. If you get stuck check out these two
>>>>>>> guides, they use rspamd for DKIM signing but you can apply the same
>>>>>>> general principles with opensmtpd-filter-dkimsign with the readme on
>>>>>>> hand:
>>>>>>>
>>>>>>> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
>>>>>>>
>>>>>>> https://dataswamp.org/~solene/2024-07-24-openbsd-email-server-setup.html
>>>>>>>
>>>>>>> Goodluck :)
>>>>>>>
>>>>>>> [1] /usr/local/share/doc/pkg-readmes/opensmtpd-filter-dkimsign
>>>>>>>
>>>>>>>> ===============
>>>>>>>> Thanking you
>>>>>>>> Sagar Acharya
>>>>>>>> https://whitelist.co.in
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> noodle
>>>>>>>
>>>>>>
>>>>>> ===============
>>>>>> Thanking you
>>>>>> Sagar Acharya
>>>>>> https://whitelist.co.in
>>>>>>
>>>>>
>>>>>
>>>>
>>>> ===============
>>>> Thanking you
>>>> Sagar Acharya
>>>> https://whitelist.co.in
>>>>
>>>
>>>
>>
>>
>
> ===============
> Thanking you
> Sagar Acharya
> https://whitelist.co.in
>
