Greetings, On Sat, 11 May 2024 00:21:18 +0100, Steffen Nurpmeso <stef...@sdaoden.eu> wrote: > > Hello. > > Kirill A. Korinsky wrote in > <5285e80cbc0d1...@mx2.catap.net>:
BTW this is quite wired address which seems like Message-Id > | > |I imply that using ed25519 usually leads to malformed signature, and some > |big hosting providers treat double signature as bad signature if some of > |them are not RSA-SHA256. A notable example is icloud.com, which delivers \ > |all > |emails with double signatures to the junk folder. At least that's what they > |did the last time I checked in December'23. > > Then these are not standard compliant. The DKIM standard 6376 > *explicitly* supports multiple signatures. > Yes, RFC may imply that but OpenDKMI was released quite a while ago and the last stable release seems that doesn't handle well this case. > |So I suggest to put in README and config exmaple that using anything other > |than RSA-SHA256 may lead to delivery email to thte junk. Unfortunately, \ > |this > |includes duble signatures as well. > > On the IETF DKIM list there are people which told me they use such > a configuration since 2019 without any issues, and i myself use it > for two months, too, and did not have problems; that cloud thing > i never saw, though. > Here I've sent to some tool which is used to check email configuration a test email with 2 singatures [1] and with 1 [2], the same behaviour I saw in icloud.com. I've tracked that issue last Decemner and it had status that second signature or non RSA-SHA256 leads to not valid signature and delivery email into junk folder. Probably. Footnotes: [1] https://mxtoolbox.com/deliverability/8d9efa25-f421-4582-a0fb-652f0146dfce [2] https://mxtoolbox.com/deliverability/42b985b2-c8a1-44b2-a9ed-4bf86a604e54 -- wbr, Kirill