On Sun, 2021-04-11 at 04:13 +0200, Thomas Bohl wrote:
> Hello,
>
> > In the filter-dkimsign readme I suggest to use 2048 and I stand by it.
>
> Thanks for mentioning and coding filter-dkimsign! Somehow I was unaware
> of it. I used rspamd just for DKIM. Which is overkill. The daemon racks
> up nearly 28000 daily DNS requests to free services (like dnswl.org,
> senderscore.com, spamhaus.org etc.) just by running. (I didn't use it as
> an inbound filter. I overwrote rbl.conf. I have no clue what it is
> doing.) So I switched to filter-dkimsign.
Glad you like it.
>
> I also switched to a 2048 bits key. Which looks good so far. Ironically
> only dkimvalidator.com had a problem verifying until I relaxed the
> canonicalization algorithms.
That´s weird. I just tested this with simple/simple, relaxed/simple,
relaxed/relaxed and simple/relaxed, all with a 2048 bits key, but all my
messages got accepted. Can you reproduce this issue and share me the
content of the mail (ncluding headers) that had the issue?
> (Other tests like mail-tester.com or github.com/lieser/dkim_verifier had
> no problem with it being simple.)
>
Cool, it´s always good to hear from more test-cases.
martijn@