opendmarc was very recently updated due to a security issue IIRC, I think it was end of May, start of June, v 1.4.1. Might have been on the spamassassin list.

I had a discussion with that person, who's told me opendkim (which won't build on currently supported openssl's without a patch) is being worked on next - though he gave me no time frame.

I do share your concern. If we are all applying a patch for the past year or 2, it would take mere minutes for them as well and update the site, so people can at least build it and use it, and add anything new afterwards for another release. Given this was about 5 months ago now, it's obvious they don't seem to give two ####'s about it really.

On 15/10/2021 06:10, Mary via mailop wrote:

I've tried to get in touch with the OpenDKIM developers with little success. It appears that the project was alive 10 years ago with lots of development effort, which eventually died along with all their other projects (OpenDMARC, OpenARC, etc).

Some poor dev seems to make a few adjustments here and there, but with no real commitment.

They seem like dead projects to me.

On Thu, 14 Oct 2021 21:35:02 +0200 Alexey Shpakovsky via mailop <mailop@mailop.org> wrote:

1) install OpenDKIM
2) set it to use rsa-sha256

Which means two things: first, self-host email admins might simply not be aware of ed25519; second, OpenDKIM seems to be the most popular tool for this job (please correct me if I'm wrong here).

Worth noting that OpenDKIM's latest stable release was in 2015, and latest
beta in 2018. The app seems to be in somewhat active development on
GitHub, but to see it you must switch from the default "master" branch to the more
active "develop" one.

Ed25519 signing and verifying is supported in the latest beta, but
dual-signing is not supported at all.

So maybe someone bigger than me can approach those guys and ask them to add dual-signing (issue #6 in their GitHub), and make a release already?

Also, someone could've implemented DKIM signing primarily in hope to
increase mail _deliverability_, not _security_. Note that there is a
support.google.com page titled "Prevent mail to Gmail users from being
blocked or sent to spam" which also mentions DKIM signatures.

So maybe to make the wider public interested in ed25519, one of the big players could start a _rumor_ that using ed25519 DKIM signatures _might_ increase
chances that your message passes the GMail spam filter?

After all, they were able to push everyone to turn to HTTPS in the WWW-world, so why not do the same in SMTP-land? Heck, I have a friend who annoyed me hard enough that I've enabled TLS for outgoing SMTP connections just so that he could see a gray padlock in his GMail client instead of red! Given that my VPS provider seems to have direct peering with Google, I doubt it improves real security in any way.

Thanks for reading so much,
Alexey.

--
Regards,
Noel Butler

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop