Hello,
I’ve set up an OpenSMTPD server with opensmtpd-filter-dkimsign for DKIM
signatures using a configuration similar to this one:
https://openports.pl/path/mail/opensmtpd-filters/dkimsign
My DMARC is using p=quarantine, and I noticed emails are rejected as
"likely unsolicited mail" when sending to a gmail.com address, but
removing the ed25519 DKIM signature filter from my configuration seems
to fix the issue.
DMARC reports from gmail indicate my RSA 1024 DKIM signature is valid,
but my ed25519 fails: as far as I could find, this is expected because
gmail doesn't support verifying ed25519 DKIM signatures.
I’ve had trouble finding any DKIM verification tools that support
ed25519: Proton Mail (one of the few providers to support ed25519 DKIM
based on some articles) seems to indicate the ed25519 signature is valid.
I’d like to keep both for maximum compatibility while remaining
future-proof, but I’m not sure what to do about gmail.
Are there any other tools I could use to check that my ed25519 DKIM
signatures are in fact valid, or, if the issue is simply gmail rejecting
anything with an algorithm it doesn’t know about (even though this case
is mentionned in the DKIM specification), is there a way to remove the
ed25519 signature only for that domain? (even if it means stripping an
already calculated signature)
Thank you.
- Dual DKIM signature (RSA1024+ed25519) rejected by gmai... BetaRays
-
