[Rspamd-Users] Where to set c= regarding DKIM signature?

Michael Grimm trashcan at ellael.org
Mon Apr 12 19:17:22 UTC 2021


Vsevolod Stakhov <vsevolod at rspamd.com> wrote:
> On 12/04/2021 18:55, Michael Grimm wrote:

>> I wonder where a DKIM signature's canonicalization flag c= is defined? And please note, that I am a newbie regarding DKIM, still.
>> 
>> My signature shows c=relaxed/relaxed but I cannot find a way to alter that to e.g. c=relaxed/simple. I do have the feeling that this might be achieved in the dkim_signing module. But I cannot find canonicalization mentioned in that module's description[1] at all.
> 
> Rspamd always use relaxed/relaxed canonicalization for signing as other
> types of canonicalization are almost all the time broken by design and
> are almost all the time misused by people who doesn't understand how
> that works and why their signatures are all broken after that.

Thanks, and that explains, why I couldn't find a way to modify it. 
And thanks for explaining why. 

> tldr; use relaxed/relaxed as suggested and allowed by Rspamd as it is
> the most proper way to do DKIM signing.

Ok, I will do that.


Now I do need to understand why I did get a report after my initial mail stating that ...

| Authentication-Results: some.server.tld;
| 	dkim=pass (1024-bit key; unprotected) header.d=lists.rspamd.com header.i=@lists.rspamd.com header.b="ElJklMIh";
| 	dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=ellael.org header.i=@ellael.org header.b="ulV1TeBn";
| 	dkim-atps=neutral

… and … 

| ARC-Authentication-Results: i=1;
| 	mail.rspamd.net;
| 	dkim=fail ("body hash did not verify") header.d=ellael.org header.s=dkim header.b=ulV1TeBn


But that is a different story. As I mentioned before, that DKIM is completely new to me, and now I do know that the learning curve is steeper than anticipated ;-)

Thanks and regards,
Michael



More information about the Users mailing list