On Tue, Apr 23, 2024 at 7:33 AM dovecot-request@dovecot.org wrote:
I am upgrading to postfix 3.9.0. I have not used DKIM in previous postfix installs, but I would like to start now with the new google rules. I have done some research and opendkim is the most recommended, however, other research states the opendkim has been abandoned by it's maintainers. So I am looking for a good alternative dkim software that will work with postfix that I can compile myself. I do not run on any linux version, so therefore I can not just apt-get a new dkim application. I run Solaris and therefore need to compile my applications, postfix and dkim. Any good suggestions will be appreciated.
I just rolled out a locally compiled opendkim on my mail server. It works, but there are a few gotchas.
Although it seems like a moribund project, there is a late beta version that includes some important patches, most notably the "Header:\n LongHeaderValue" bug that needs fixing. You can look at
https://sourceforge.net/p/opendkim/patches/
to find that patch, as well as others you deem important. As DKIM standards are not going to change soon, having end-of-line software is not as bad as it seems unless you need particular enhancements to make it work better in your circumstances. Once you get your setup dialed, you can probably set it and forget it.
Most of the headaches have actually been internal: local mail injection via sendmail would skip miltering, From header canonicalization by the MTA would not be seen by the opendkim milter thereby creating messages with missing or invalid signatures, and mailing list/auto reply/forwarder software mangling messages.
I think Postfix does a better job in this regard, so these issues may not present itself. (I did a Postfix/opendkim milter on an Ubuntu system and it was much less hassle.)
You should look at *lots* of DMARC RUA reports. People are doing crazy batsh*t stuff with your mail domain.
Joseph Tam jtam.home@gmail.com