Amavis and OpenDMARC

Matus UHLAR - fantomas uhlar at fantomas.sk
Sat Nov 11 11:12:16 CET 2023


>>>OpenDMARC is setup as a smtpd_milter in Postfix.
>>
>>So Amavis is setup as an smtpd_milter as well?

>>>Can someone maybe shed some light on why this would be happening 
>>>or is there a different way to handle DMARC?

>On 11/11/2023 05:04, Damian wrote:
>>Do you see DKIM-related Authentication-Results headers in incoming 
>>mails?


On 11.11.23 14:41, Noel Butler wrote:
>I'm betting its dkim_minimum_key_bits set to 2048 (great - except some 
>who setup DKIM 10 years ago haven't redone keys are probably still 
>scarily using 1024 bit keys,

when I set up DKIM on a few domains a few years ago, I've read this article
https://crypto.stackexchange.com/questions/72297/recommended-key-size-for-dkim#72298
and I don't think it would be obsolete by now.

>I recall reading a post once that said those keys would soon be considered 
>a fail.

if you find it, let me know.

>Also, since they allude to "some passing", I guess they did remember 
>to set enable_dkim_verification=1 ? since from memory that explicitly 
>must be set to 0 for opendkim.

opendmarc can resolve SPF by itself, despite what its description says.  
other thing is, it's not recommended.

But it can't verify DKIM. So it's possible that SPF passes were okay, other 
mail was not.

>The OP needs to do more testing of such things and if still stumped 
>report back here,  it's very overcast here today, so my ESP link can't 
>connect ;)


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.


More information about the amavis-users mailing list