DKIM verfication of my emails has been failing for outbound email when
received by other systems. This email contains those signatures. I don't
check DKIM inbound so that's not a concern.
I created DNS entries for both rsa and ed25519 keys. The subject hosts
are metis.rbcarleton.net (internal) and terminus.rbcarleton.net
(external). I use smtpd for my MTAs, and use the
opensmtpd-filter-dkimsign-0.5p2 package to sign my outbound emails. I'm
running OpenBSD 7.4.
Here's the SPF/DMARC/DKIM DNS for rbcarleton.net:
---cut here---
600 IN TXT "v=spf1 ip4:155.138.244.69
ip6:2001:19f0:6402:39e:5400:4ff:fe49:8b44 a mx -all"
_dmarc 600 IN TXT
"v=DMARC1;p=none;sp=none;pct=100;adkim=r;aspf=r;fo=1;ri=86400;rua=mailto:dm...@rbcarleton.net";
dk-rsa-20240404._domainkey 600 IN TXT
v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqZNKQgFO2yTVwVmDr+t2w3ez+q1NOEcSSRmHEwK9PnD+grQYHgJeKNpUi3E4xHBDR/HVWxC4aRsZqOIj71SVzRY6GmDV7y2qRZWk4eNOT16u/dedjQFJO7H9lP221zbgGzCI2Kbut1ZVCYttr5qi6L1zuIQvbPJrlwgZpyK+x3wpqvdBmDwdrBFOpLKsODrXsIflsE7NK2TQFJsy4EnVn2FACjiq+X1ut1DMT/If3wzA9q2yjT6kRCwT0z28icAUtF6JHXGmrmWAcLYiLX/ARnVaC7wrZnZ5462AWRXi/hqvfhPHoH7tdMzmmwHBQUsK7I3VkCasVm7VBNKza/0twIDAQAB
dk-ed25519-20240404._domainkey 600 IN TXT
v=DKIM1;k=ed25519;p=xWqw3KWGhpEmIw5M0/eNi3SKcA6euhAmPh3Xs/vhPxs=
dk-metis-rsa-20240404._domainkey 600 IN TXT
v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqZNKQgFO2yTVwVmDr+t2w3ez+q1NOEcSSRmHEwK9PnD+grQYHgJeKNpUi3E4xHBDR/HVWxC4aRsZqOIj71SVzRY6GmDV7y2qRZWk4eNOT16u/dedjQFJO7H9lP221zbgGzCI2Kbut1ZVCYttr5qi6L1zuIQvbPJrlwgZpyK+x3wpqvdBmDwdrBFOpLKsODrXsIflsE7NK2TQFJsy4EnVn2FACjiq+X1ut1DMT/If3wzA9q2yjT6kRCwT0z28icAUtF6JHXGmrmWAcLYiLX/ARnVaC7wrZnZ5462AWRXi/hqvfhPHoH7tdMzmmwHBQUsK7I3VkCasVm7VBNKza/0twIDAQAB
dk-metis-ed25519-20240404._domainkey 600 IN TXT
v=DKIM1;k=ed25519;p=Ro41ZKYFrQ8n3wlyDnj2wARjTc5VVrePBawtMNy83GE=
---cut here---
Then metis.rbcarleton.net:
---cut here---
600 IN TXT "v=spf1 ip4:155.138.244.69
ip6:2001:19f0:6402:39e:5400:4ff:fe49:8b44 a mx -all"
_dmarc.metis 600 IN TXT
"v=DMARC1;p=none;sp=none;pct=100;adkim=r;aspf=r;fo=1;ri=86400;rua=mailto:dm...@rbcarleton.net";
dk-metis-rsa-20240404._domainkey 600 IN TXT
v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqZNKQgFO2yTVwVmDr+t2w3ez+q1NOEcSSRmHEwK9PnD+grQYHgJeKNpUi3E4xHBDR/HVWxC4aRsZqOIj71SVzRY6GmDV7y2qRZWk4eNOT16u/dedjQFJO7H9lP221zbgGzCI2Kbut1ZVCYttr5qi6L1zuIQvbPJrlwgZpyK+x3wpqvdBmDwdrBFOpLKsODrXsIflsE7NK2TQFJsy4EnVn2FACjiq+X1ut1DMT/If3wzA9q2yjT6kRCwT0z28icAUtF6JHXGmrmWAcLYiLX/ARnVaC7wrZnZ5462AWRXi/hqvfhPHoH7tdMzmmwHBQUsK7I3VkCasVm7VBNKza/0twIDAQAB
dk-metis-ed25519-20240404._domainkey 600 IN TXT
v=DKIM1;k=ed25519;p=Ro41ZKYFrQ8n3wlyDnj2wARjTc5VVrePBawtMNy83GE=
---cut here---
I was selective in what I included in the email for the sake of
brevity. I figured dig would be used to see the rest.
I followed the opensmtpd-filter-dkimsign pkg-readme. I've also done some
reading to sanity check my DNS. Any suggestions. I'm kind of
stumped. It's probably something silly, but managing MTAs isn't my day
job, so I have less wisdom for this than I should.
TIA,
--Bruce
