RE: Which DKIM application for postfix 3.9.0
On Tue, Apr 23, 2024 at 7:33 AM dovecot-request@dovecot.org wrote:
I am upgrading to postfix 3.9.0. I have not used DKIM in previous postfix installs, but I would like to start now with the new google rules. I have done some research and opendkim is the most recommended, however, other research states the opendkim has been abandoned by it's maintainers. So I am looking for a good alternative dkim software that will work with postfix that I can compile myself. I do not run on any linux version, so therefore I can not just apt-get a new dkim application. I run Solaris and therefore need to compile my applications, postfix and dkim. Any good suggestions will be appreciated.
I just rolled out a locally compiled opendkim on my mail server. It works, but there are a few gotchas.
Although it seems like a moribund project, there is a late beta version that includes some important patches, most notably the "Header:\n LongHeaderValue" bug that needs fixing. You can look at
https://sourceforge.net/p/opendkim/patches/to find that patch, as well as others you deem important. As DKIM standards are not going to change soon, having end-of-line software is not as bad as it seems unless you need particular enhancements to make it work better in your circumstances. Once you get your setup dialed, you can probably set it and forget it.
Most of the headaches have actually been internal: local mail injection via sendmail would skip miltering, From header canonicalization by the MTA would not be seen by the opendkim milter thereby creating messages with missing or invalid signatures, and mailing list/auto reply/forwarder software mangling messages.
I think Postfix does a better job in this regard, so these issues may not present itself. (I did a Postfix/opendkim milter on an Ubuntu system and it was much less hassle.)
You should look at *lots* of DMARC RUA reports. People are doing crazy batsh*t stuff with your mail domain.
Joseph Tam jtam.home@gmail.com
Just for completeness sake I will throw some in:
*) https://launchpad.net/dkimpy-milter *) https://lib.rs/crates/dkim-milter *) https://github.com/fastmail/authentication_milter
I have not yet had time to look at them, so no comment on their usability.
regards, Robert
On 24.04.24 00:06, Joseph Tam via dovecot wrote:
On Tue, Apr 23, 2024 at 7:33 AM dovecot-request@dovecot.org wrote:
I am upgrading to postfix 3.9.0. I have not used DKIM in previous postfix installs, but I would like to start now with the new google rules. I have done some research and opendkim is the most recommended, however, other research states the opendkim has been abandoned by it's maintainers. So I am looking for a good alternative dkim software that will work with postfix that I can compile myself. I do not run on any linux version, so therefore I can not just apt-get a new dkim application. I run Solaris and therefore need to compile my applications, postfix and dkim. Any good suggestions will be appreciated.
I just rolled out a locally compiled opendkim on my mail server. It works, but there are a few gotchas.
Although it seems like a moribund project, there is a late beta version that includes some important patches, most notably the "Header:\n LongHeaderValue" bug that needs fixing. You can look at
https://sourceforge.net/p/opendkim/patches/to find that patch, as well as others you deem important. As DKIM standards are not going to change soon, having end-of-line software is not as bad as it seems unless you need particular enhancements to make it work better in your circumstances. Once you get your setup dialed, you can probably set it and forget it.
Most of the headaches have actually been internal: local mail injection via sendmail would skip miltering, From header canonicalization by the MTA would not be seen by the opendkim milter thereby creating messages with missing or invalid signatures, and mailing list/auto reply/forwarder software mangling messages.
I think Postfix does a better job in this regard, so these issues may not present itself. (I did a Postfix/opendkim milter on an Ubuntu system and it was much less hassle.)
You should look at *lots* of DMARC RUA reports. People are doing crazy batsh*t stuff with your mail domain.
Joseph Tam jtam.home@gmail.com
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Talking about completeness, you can also use rspamd (https://www.rspamd.com https://www.rspamd.com/). While it it design to to more than DKIM, it can be use for it.
I have an internal mailer relay based on postfix and rspamd that works great.
Le 24 avr. 2024 à 09:40, infoomatic via dovecot dovecot@dovecot.org a écrit :
Just for completeness sake I will throw some in:
*) https://launchpad.net/dkimpy-milter *) https://lib.rs/crates/dkim-milter *) https://github.com/fastmail/authentication_milter
I have not yet had time to look at them, so no comment on their usability.
regards, Robert
On 24.04.24 00:06, Joseph Tam via dovecot wrote:
On Tue, Apr 23, 2024 at 7:33 AM dovecot-request@dovecot.org wrote:
I am upgrading to postfix 3.9.0. I have not used DKIM in previous postfix installs, but I would like to start now with the new google rules. I have done some research and opendkim is the most recommended, however, other research states the opendkim has been abandoned by it's maintainers. So I am looking for a good alternative dkim software that will work with postfix that I can compile myself. I do not run on any linux version, so therefore I can not just apt-get a new dkim application. I run Solaris and therefore need to compile my applications, postfix and dkim. Any good suggestions will be appreciated.
I just rolled out a locally compiled opendkim on my mail server. It works, but there are a few gotchas.
Although it seems like a moribund project, there is a late beta version that includes some important patches, most notably the "Header:\n LongHeaderValue" bug that needs fixing. You can look at
https://sourceforge.net/p/opendkim/patches/to find that patch, as well as others you deem important. As DKIM standards are not going to change soon, having end-of-line software is not as bad as it seems unless you need particular enhancements to make it work better in your circumstances. Once you get your setup dialed, you can probably set it and forget it.
Most of the headaches have actually been internal: local mail injection via sendmail would skip miltering, From header canonicalization by the MTA would not be seen by the opendkim milter thereby creating messages with missing or invalid signatures, and mailing list/auto reply/forwarder software mangling messages.
I think Postfix does a better job in this regard, so these issues may not present itself. (I did a Postfix/opendkim milter on an Ubuntu system and it was much less hassle.)
You should look at *lots* of DMARC RUA reports. People are doing crazy batsh*t stuff with your mail domain.
Joseph Tam jtam.home@gmail.com
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
I'm using dkimproxy together with postfix/dovecot
Gr., Jack
Op 24-04-2024 om 11:03 schreef Jean-Daniel Dupas via dovecot:
Talking about completeness, you can also use rspamd (https://www.rspamd.com https://www.rspamd.com/). While it it design to to more than DKIM, it can be use for it.
I have an internal mailer relay based on postfix and rspamd that works great.
Le 24 avr. 2024 à 09:40, infoomatic via dovecot dovecot@dovecot.org a écrit :
Just for completeness sake I will throw some in:
*) https://launchpad.net/dkimpy-milter *) https://lib.rs/crates/dkim-milter *) https://github.com/fastmail/authentication_milter
I have not yet had time to look at them, so no comment on their usability.
regards, Robert
On 24.04.24 00:06, Joseph Tam via dovecot wrote:
On Tue, Apr 23, 2024 at 7:33 AM dovecot-request@dovecot.org wrote:
I am upgrading to postfix 3.9.0. I have not used DKIM in previous postfix installs, but I would like to start now with the new google rules. I have done some research and opendkim is the most recommended, however, other research states the opendkim has been abandoned by it's maintainers. So I am looking for a good alternative dkim software that will work with postfix that I can compile myself. I do not run on any linux version, so therefore I can not just apt-get a new dkim application. I run Solaris and therefore need to compile my applications, postfix and dkim. Any good suggestions will be appreciated. I just rolled out a locally compiled opendkim on my mail server. It works, but there are a few gotchas.
Although it seems like a moribund project, there is a late beta version that includes some important patches, most notably the "Header:\n LongHeaderValue" bug that needs fixing. You can look at
https://sourceforge.net/p/opendkim/patches/to find that patch, as well as others you deem important. As DKIM standards are not going to change soon, having end-of-line software is not as bad as it seems unless you need particular enhancements to make it work better in your circumstances. Once you get your setup dialed, you can probably set it and forget it.
Most of the headaches have actually been internal: local mail injection via sendmail would skip miltering, From header canonicalization by the MTA would not be seen by the opendkim milter thereby creating messages with missing or invalid signatures, and mailing list/auto reply/forwarder software mangling messages.
I think Postfix does a better job in this regard, so these issues may not present itself. (I did a Postfix/opendkim milter on an Ubuntu system and it was much less hassle.)
You should look at *lots* of DMARC RUA reports. People are doing crazy batsh*t stuff with your mail domain.
Joseph Tam jtam.home@gmail.com
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
participants (4)
-
infoomatic
-
Jack Raats
-
Jean-Daniel Dupas
-
Joseph Tam