Re: Current ideas on DKIM signing ?
On 07/04/2019 01:58, Scott Kitterman wrote: On Saturday, April 06, 2019 06:32:18 PM André Rodier wrote: On Sat, 2019-04-06 at 16:55 +, Laura Smith wrote: Hi, Am currently refreshing my perimeter mail infrastructure. The current state of affairs of DKIM signing looks pretty miserable! DKIMProxy seems to be abandonware since 2010 OpenDKIM seems to be going the way of abandonware too (last release in 2015 and the bug tracker filling up). I've had a quick search on github for DKIM but can't find much of interest. We all know what software is like, you have to keep it fed and watered otherwise it starts growing bugs (or worse). I'm not too keen on using software of 2015 vintage. What is everybody using these days ? Or have I missed something in the world of email and everyone's moved from DKIM to the Next Best Thing (TM). Looking forward to your suggestions Laura Hello Laura, I am using OpenDKIM on Debian Stretch, no issue at all. One explanation might be the standard has not changed since 2015, so neither the binaries. If a major or even a minor change rise in the standard, I am sure the binaries will be updated. If you check the DKIM web site, you will see most of the documentation is old as well. http://www.dkim.org/. Adding new features on a software that works is also a nice way to add more bugs ;-). Perhaps the libraries are actually working for most of people. Kind regards, André The standard has changed. See RFC 8301 and RFC 8463. Scott K Thanks, I was not aware of this, I try to follow DKIM, but perhaps I was not using the right site. None of these standards are referenced on opendkim.org. André
Re: Current ideas on DKIM signing ?
On Saturday, April 06, 2019 06:32:18 PM André Rodier wrote: > On Sat, 2019-04-06 at 16:55 +, Laura Smith wrote: > > Hi, > > > > Am currently refreshing my perimeter mail infrastructure. > > > > The current state of affairs of DKIM signing looks pretty miserable! > > > > DKIMProxy seems to be abandonware since 2010 > > > > OpenDKIM seems to be going the way of abandonware too (last release in > > 2015 and the bug tracker filling up). > > > > I've had a quick search on github for DKIM but can't find much of > > interest. > > > > We all know what software is like, you have to keep it fed and watered > > otherwise it starts growing bugs (or worse). I'm not too keen on using > > software of 2015 vintage. > > > > What is everybody using these days ? Or have I missed something in the > > world of email and everyone's moved from DKIM to the Next Best Thing > > (TM). > > > > Looking forward to your suggestions > > > > Laura > > Hello Laura, > > I am using OpenDKIM on Debian Stretch, no issue at all. > > One explanation might be the standard has not changed since 2015, so > neither the binaries. If a major or even a minor change rise in the > standard, I am sure the binaries will be updated. > > If you check the DKIM web site, you will see most of the documentation > is old as well. http://www.dkim.org/. > > Adding new features on a software that works is also a nice way to add > more bugs ;-). Perhaps the libraries are actually working for most of > people. > > Kind regards, > André The standard has changed. See RFC 8301 and RFC 8463. Scott K
Re: Current ideas on DKIM signing ?
On Saturday, April 06, 2019 04:55:58 PM Laura Smith wrote: > Hi, > > Am currently refreshing my perimeter mail infrastructure. > > The current state of affairs of DKIM signing looks pretty miserable! > > DKIMProxy seems to be abandonware since 2010 > > OpenDKIM seems to be going the way of abandonware too (last release in 2015 > and the bug tracker filling up). > > I've had a quick search on github for DKIM but can't find much of interest. > > We all know what software is like, you have to keep it fed and watered > otherwise it starts growing bugs (or worse). I'm not too keen on using > software of 2015 vintage. > > What is everybody using these days ? Or have I missed something in the > world of email and everyone's moved from DKIM to the Next Best Thing (TM). > > Looking forward to your suggestions I've written https://launchpad.net/dkimpy-milter It is not yet particularly suitable for complex, multi-domain setups, but for smaller users works well (I use it - this message will be signed by it). Unlike any other released postfix option (the OpenDKIM beta has limited support) it supports both RSA and Ed25519 signing/verifying. It's configuration syntax is almost entirely compatible with OpenDKIM's (It supports a subset of OpenDKIM's options and has a few of it's own added to support Ed25519). I feel your pain. I wrote it in part so we could have multiple Ed25519 implementations for the IETF DCRUP working group and in part due to frustration with lack of progress with OpenDKIM. Scott K
Re: Current ideas on DKIM signing ?
On Sat, 2019-04-06 at 16:55 +, Laura Smith wrote: > Hi, > > Am currently refreshing my perimeter mail infrastructure. > > The current state of affairs of DKIM signing looks pretty miserable! > > DKIMProxy seems to be abandonware since 2010 > > OpenDKIM seems to be going the way of abandonware too (last release in 2015 > and the bug tracker filling up). > > I've had a quick search on github for DKIM but can't find much of interest. > > We all know what software is like, you have to keep it fed and watered > otherwise it starts growing bugs (or worse). I'm not too keen on using > software of 2015 vintage. > > What is everybody using these days ? Or have I missed something in the world > of email and everyone's moved from DKIM to the Next Best Thing (TM). > > Looking forward to your suggestions > > Laura > Hello Laura, I am using OpenDKIM on Debian Stretch, no issue at all. One explanation might be the standard has not changed since 2015, so neither the binaries. If a major or even a minor change rise in the standard, I am sure the binaries will be updated. If you check the DKIM web site, you will see most of the documentation is old as well. http://www.dkim.org/. Adding new features on a software that works is also a nice way to add more bugs ;-). Perhaps the libraries are actually working for most of people. Kind regards, André -- André Rodier HomeBox: https://github.com/progmaticltd/homebox
Re: Current ideas on DKIM signing ?
* Laura Smith: > OpenDKIM seems to be going the way of abandonware too (last release in > 2015 and the bug tracker filling up). Pre-release 2.11.0-Beta2 is dated 2018-11-15. Michael Orlitzky and I are currently working on a pull request to introduce improvements for OpenRC and systemd, which we already have made available for Gentoo Linux. Not that this PR has been met with any reaction by Murray so far, but we're not giving up hope yet. ;-) -Ralph
Re: Current ideas on DKIM signing ?
On Sat, 6 Apr 2019 at 17:57, Laura Smith wrote: > Am currently refreshing my perimeter mail infrastructure. > The current state of affairs of DKIM signing looks pretty miserable! > DKIMProxy seems to be abandonware since 2010 > OpenDKIM seems to be going the way of abandonware too (last release in > 2015 and the bug tracker filling up). > I've had a quick search on github for DKIM but can't find much of interest. > We all know what software is like, you have to keep it fed and watered > otherwise it starts growing bugs (or worse). I'm not too keen on using > software of 2015 vintage. > What is everybody using these days ? Or have I missed something in the > world of email and everyone's moved from DKIM to the Next Best Thing (TM). > I use opendkim and don't have any problems with it (also opendmarc 1.3.2).
Current ideas on DKIM signing ?
Hi, Am currently refreshing my perimeter mail infrastructure. The current state of affairs of DKIM signing looks pretty miserable! DKIMProxy seems to be abandonware since 2010 OpenDKIM seems to be going the way of abandonware too (last release in 2015 and the bug tracker filling up). I've had a quick search on github for DKIM but can't find much of interest. We all know what software is like, you have to keep it fed and watered otherwise it starts growing bugs (or worse). I'm not too keen on using software of 2015 vintage. What is everybody using these days ? Or have I missed something in the world of email and everyone's moved from DKIM to the Next Best Thing (TM). Looking forward to your suggestions Laura
Re: GF 3.3, unsupported dictionary type: mysql
On Sat, April 6, 2019 8:47 pm, John Fawcett wrote: > On 06/04/2019 01:43, li...@sbt.net.au wrote: >> what did I do wrong ? > > no mysql file in dynamicmaps.cf.d ? > > I guess it should have been in the postfix3-mysql pacakge you installed > > > yum --enablerepo=gf-plus whatprovides > /etc/postfix/dynamicmaps.cf.d/mysql.cf John, thanks yes, I'm not sure what I did wrong, but, I've looked at a Centos 7 I migrated recently, and, it did have both dynamicmaps.cf as well as dynamicmaps.cf.d dir, so I simply created same on this, and, it seems I'm one step further... no more errors.. so maybe I've missed something that required on C6, not sure thanks again, V
Re: GF 3.3, unsupported dictionary type: mysql
On 06/04/2019 01:43, li...@sbt.net.au wrote: > I'm trying to migrate server to new vm, installed postfix* from GF (1) > > but, after copying over main.cf/master.cf get this: > > > Apr 6 00:34:46 emu postfix/proxymap[15601]: error: unsupported dictionary > type: mysql > Apr 6 00:34:46 emu postfix/proxymap[15601]: error: unsupported dictionary > type: mysql > ... > > postconf shows no mysql > > Centos 6 > > daemon started -- version 3.3.3, configuration /etc/postfix > > > Linux 2.6.32-754.10.1.el6.x86_64 #1 SMP Tue Jan 15 17:07:28 UTC 2019 > x86_64 x86_64 x86_64 GNU/Linux > > > what did I do wrong ? no mysql file in dynamicmaps.cf.d ? I guess it should have been in the postfix3-mysql pacakge you installed yum --enablerepo=gf-plus whatprovides /etc/postfix/dynamicmaps.cf.d/mysql.cf John