Hello.

Kirill A. Korinsky wrote in
 <5285e80cbc0d1...@mx2.catap.net>:
 |On Fri, 10 May 2024 10:47:43 +0100,
 |Stuart Henderson <s...@spacehopper.org> wrote:
 |> On 2024/05/10 11:40, Matthieu Herrb wrote:
 |>> Afaict dkimproxy is not using opendkim but p5-Mail-DKIM. dkimproxy
 |>> itself also hasn't seen an update in many years, but the underlying
 |>> Perl lib was last updated last January (and could use an update
 |>> in the port).
 |>> 
 |>> So unless you imply that because many people use opendkim, ed25519
 |>> based signatures shouldn't be used at all I'm not sure I understand
 |>> what you're saying.
 |> 
 |> ed25519 can be used, but at the moment if you do use it, you probably
 |> want to be double-signing with both that + rsa-sha256.
 |> 
 |
 |I imply that using ed25519 usually leads to a malformed signature, and some
 |big hosting providers treat a double signature as a bad signature if some of
 |them are not RSA-SHA256. A notable example is icloud.com, which delivers all
 |emails with double signatures to the junk folder. At least that's what they
 |did the last time I checked in December '23.

Then these are not standards compliant.  The DKIM standard 6376
*explicitly* supports multiple signatures.

 |So I suggest to put in the README and config example that using anything other
 |than RSA-SHA256 may lead to delivery of email to junk. Unfortunately, this
 |includes double signatures as well.

On the IETF DKIM list there are people who told me they use such
a configuration since 2019 without any issues, and i myself use it
for two months, too, and did not have problems; that cloud thing
i never saw, though.

Btw my postfix-only s-dkim-sign will become a port soon, i only
want to have an update to s-postgray first, and then do all the
ports in one go.  Dunno whether i make it tomorrow, but early next
week for sure.  (It simply compiles, tests and runs on OpenBSD out
of the box.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
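
Added example (not part of this thread, and not code from dkimproxy, Mail::DKIM, opendkim or s-dkim-sign): a Python check that lists the DKIM-Signature headers of a message and reports whether it is double-signed with ed25519-sha256 plus rsa-sha256, the setup discussed above. The sample message, domain, selectors and signature values are constructed placeholders; the code inspects tags only and does not verify signatures.

```python
import re
from email import message_from_string

# Constructed sample: domain, selectors and base64 values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.org;
 s=ed2024; h=from:to:subject:date; bh=cGxhY2Vob2xkZXI=;
 b=cGxhY2Vo
 b2xkZXI=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
 s=rsa2024; h=from:to:subject:date; bh=cGxhY2Vob2xkZXI=;
 b=cGxhY2Vob2xkZXI=
From: alice@example.org
To: bob@example.net
Subject: test
Date: Fri, 10 May 2024 10:00:00 +0000

body
"""

def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (one DKIM-Signature value) into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for item in unfolded.split(";"):
        if "=" not in item:
            continue  # empty trailing element or junk
        name, _, val = item.partition("=")  # split on first "=" only (base64 padding)
        name, val = name.strip(), val.strip()
        if name in ("b", "bh"):
            val = re.sub(r"\s+", "", val)  # base64 may contain folding whitespace
        tags[name] = val
    return tags

def signature_summary(raw_message):
    """Report the algorithm, domain and selector of each signature on the message."""
    msg = message_from_string(raw_message)
    sigs = [parse_tag_list(v) for v in msg.get_all("DKIM-Signature", [])]
    algos = [s.get("a", "") for s in sigs]
    return {
        "signatures": [(s.get("a"), s.get("d"), s.get("s")) for s in sigs],
        "has_rsa_sha256": "rsa-sha256" in algos,
        "has_ed25519": "ed25519-sha256" in algos,
        "double_signed": "rsa-sha256" in algos and "ed25519-sha256" in algos,
    }

if __name__ == "__main__":
    print(signature_summary(SAMPLE))
```

Running it over mail as received at a test mailbox shows which signatures survived transit, which is the first thing to compare when a receiver files double-signed mail as junk.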
