[pfx] Re: Recommendation for dkim signing

Mon, 06 Nov 2023 02:51:34 -0800 

* Jens Hoffrichter via Postfix-users <[email protected]>:
> Hi!
> 
> We are looking into implementing DKIM signing for one of our services,
> and there are multiple ways to implement that.
> 
> So far I have found that you can do it with opendkim and amavis - any
> recommendation for one or the other, or maybe something completely
> different I haven't found yet?

amavis::
    amavis does nor support ED25519 and will very likley never will. There's a
    none open DMARC / DKIM / SPF addon but I doubt the company who built that
    will ever open source it.
opendkim::
    opendkim supports RSA-SHA256 and a (few years old) BETA also supports
    ED25519-SHA256. Last time I had a look the BETA was still BETA though I
    can confirm it works very reliably even on larger platforms (ISP).
dkimpy-milter::
    dkimpy-milter supports RSA-SHA256 and ED25519-SHA256. If you have
    experience running opendkim you will feel at home using dkimpy-milter.
    dkimpy-milter used to have and I don't know if it still has problems
    handling email message headers containing UTF-8 chars when there shouldn't
    be any, like in a Subject that reads "Passwort zurücksetzen", which MUST
    be ISO encoded, but then there are developers who don't know that and …
    dkimpy-milter crashes because of the way Python 3.x handles UTF-8. I've
    no idea if Scott has found time to address and fix that.
rspamd::
    rspamd supports RSA-SHA256 and ED25519-SHA256 though the documentation
    hardly mentions this fact. If you want to add signatures to outbound
    messages only you might turn off all other scanning (spam, malware, …)
    rspamd provides to increase performance and avoid false positives or
    unwanted learning.

My recommendation: Use rspamd if you are using it anyway on your platform. It
handles email reliably and supports RSA-SHA256 and ED25519-SHA256. If you need
a DKIM signer on servers that relay outbound mail only use opendkim's BETA.

p@rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to