[Rspamd-Users] Where to set c= regarding DKIM signature?
trashcan at ellael.org
Mon Apr 12 19:17:22 UTC 2021
Vsevolod Stakhov <vsevolod at rspamd.com> wrote:
> On 12/04/2021 18:55, Michael Grimm wrote:
>> I wonder where a DKIM signature's canonicalization flag c= is defined? And please note, that I am a newbie regarding DKIM, still.
>> My signature shows c=relaxed/relaxed but I cannot find a way to alter that to e.g. c=relaxed/simple. I do have the feeling that this might be achieved in the dkim_signing module. But I cannot find canonicalization mentioned in that module's description at all.
> Rspamd always use relaxed/relaxed canonicalization for signing as other
> types of canonicalization are almost all the time broken by design and
> are almost all the time misused by people who doesn't understand how
> that works and why their signatures are all broken after that.
Thanks, and that explains, why I couldn't find a way to modify it.
And thanks for explaining why.
> tldr; use relaxed/relaxed as suggested and allowed by Rspamd as it is
> the most proper way to do DKIM signing.
Ok, I will do that.
Now I do need to understand why I did get a report after my initial mail stating that ...
| Authentication-Results: some.server.tld;
| dkim=pass (1024-bit key; unprotected) header.d=lists.rspamd.com email@example.com header.b="ElJklMIh";
| dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=ellael.org firstname.lastname@example.org header.b="ulV1TeBn";
… and …
| ARC-Authentication-Results: i=1;
| dkim=fail ("body hash did not verify") header.d=ellael.org header.s=dkim header.b=ulV1TeBn
But that is a different story. As I mentioned before, that DKIM is completely new to me, and now I do know that the learning curve is steeper than anticipated ;-)
Thanks and regards,
More information about the Users