
Re: just a test


Hi,

On Sat 16/Jul/2022 17:01:48 +0200 Benny Pedersen wrote:
Charles E. Lehner skrev den 2022-07-16 16:53:
Hi Ale,

On Sat, 16 Jul 2022 16:03:58 +0200
Alessandro Vesely <vesely@xxxxxxx> wrote:

Here you are:
[...]

Thanks!

That's cool that you have an authentication result for dnswl.


That's Courier-MTA's implementation of -allow. It can also be used to mitigate SPF forwarding failures (allowok keyword).


Unfortunately, my mail server (Postfix/OpenDKIM/OpenDMARC) couldn't
authenticate your message; I'm not sure why:

Authentication-Results: celehner.com; dmarc=fail (p=none dis=none)
    header.from=tana.it
Authentication-Results: celehner.com; spf=pass smtp.mailfrom=dnswl.org
Authentication-Results: celehner.com;
    dkim=pass header.d=dnswl.org header.i=@dnswl.org
    header.a=ed25519-sha256 header.s=dnswl-ed25519-59hs header.b=wb43Yhi9;


So your version of OpenDKIM handles ed25519.


    dkim=pass (2048-bit key; unprotected) header.d=dnswl.org
    header.i=@dnswl.org header.a=rsa-sha256 header.s=dnswl-rsa-wgJg
    header.b=wMJo11c/;
    dkim=temperror header.d=tana.it header.i=@tana.it
    header.a=ed25519-sha256 header.s=epsilon header.b=RQWs9USb;


That must have been a DNS error. Why doesn't it say whether the key was secure or unprotected?


    dkim=neutral header.d=tana.it header.i=@tana.it header.a=rsa-sha256
    header.s=delta header.b=Dfpy1mDS;


There is no t=s in delta._domainkey.tana.it. Since the verification failed it should've been temperror too.


    dkim-atps=neutral

Anyone else have a result here?

DNSWL is able to handle it fine:


So there was no signing error. Indeed my server verified all four signatures.

Does this message pass?


IMHO tana.it has a 512-bit key size, OpenDKIM now has 1024 as its minimal key size, dnswl accepts key size 512 :=)

What is the goal of ed25519 then?

Update tana.it to 2048 and I believe all bugs are gone.


No, ed25519 only admits 256-bit keys. That's the main reason why DKIM adopted it, after the difficulties of entering long keys in the DNS.


Best
Ale
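
An added example, not part of the original message or of any project named in it: a small parser for the Authentication-Results values quoted above that lists each SPF/DKIM identifier with its result and whether it is aligned with header.from, the condition DMARC evaluates. The function names are hypothetical, and alignment is approximated without the public suffix list.

```python
import re

# Constructed input: the Authentication-Results values quoted in the message,
# unfolded onto single logical lines.
HEADERS = [
    "celehner.com; dmarc=fail (p=none dis=none) header.from=tana.it",
    "celehner.com; spf=pass smtp.mailfrom=dnswl.org",
    "celehner.com; dkim=pass header.d=dnswl.org header.i=@dnswl.org"
    " header.a=ed25519-sha256 header.s=dnswl-ed25519-59hs header.b=wb43Yhi9;"
    " dkim=pass (2048-bit key; unprotected) header.d=dnswl.org"
    " header.i=@dnswl.org header.a=rsa-sha256 header.s=dnswl-rsa-wgJg"
    " header.b=wMJo11c/; dkim=temperror header.d=tana.it header.i=@tana.it"
    " header.a=ed25519-sha256 header.s=epsilon header.b=RQWs9USb;"
    " dkim=neutral header.d=tana.it header.i=@tana.it header.a=rsa-sha256"
    " header.s=delta header.b=Dfpy1mDS; dkim-atps=neutral",
]

def parse_authres(value):
    """Split one header value into (authserv-id, list of result dicts)."""
    # Comments may contain ';' ("2048-bit key; unprotected"), so drop them
    # before splitting. Nested comments are not handled (simplification).
    value = re.sub(r"\([^()]*\)", " ", value)
    authserv, *clauses = [c.strip() for c in value.split(";")]
    results = []
    for clause in clauses:
        tokens = clause.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            results.append({"method": method, "result": result, **props})
    return authserv, results

def aligned(domain, from_domain):
    # Assumption: relaxed alignment approximated as "equal or parent/child";
    # a real DMARC verifier compares organizational domains.
    d, f = domain.lower(), from_domain.lower()
    return d == f or d.endswith("." + f) or f.endswith("." + d)

def explain_dmarc(headers):
    """Return (header.from, per-identifier rows, True if an aligned pass exists)."""
    results = [r for h in headers for r in parse_authres(h)[1]]
    from_domain = next(r["header.from"] for r in results if r["method"] == "dmarc")
    rows = []
    for r in results:
        ident = r.get("header.d") if r["method"] == "dkim" else r.get("smtp.mailfrom")
        if r["method"] in ("dkim", "spf") and ident:
            rows.append((r["method"], ident, r.get("header.s"), r["result"],
                         aligned(ident, from_domain)))
    return from_domain, rows, any(res == "pass" and ok for *_, res, ok in rows)
```

On the quoted headers, every passing identifier is dnswl.org and the two tana.it signatures are temperror and neutral, so no aligned pass exists for header.from=tana.it.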



