Mailing list questions (DMARC, ARC, more?)
Alessandro Vesely
vesely at tana.it
Mon Sep 5 11:19:48 UTC 2022
On Sun 04/Sep/2022 14:17:25 +0200 Benny Pedersen wrote:
> ARC-Authentication-Results: i=1; mx.pao1.isc.org;
> dmarc=pass (p=none dis=none) header.from=tana.it;
> spf=pass smtp.mailfrom=tana.it;
> dkim=permerror (0-bit key) header.d=tana.it header.i=@tana.it
That stanza is faulty. The key at epsilon._domainkey.tana.it is 256 bits, like
all ed25519 keys, not 0. Presumably ISC's DKIM filter doesn't support RFC8463.
> header.b=j8VJHYFh; dkim=pass (1152-bit key;
> unprotected) header.d=tana.it header.i=@tana.it header.b=DBspF3JP
The second signature, rsa, succeeds. However, why unprotected? Presumably the
library used by ISC's DKIM filter doesn't support DNSSEC.
> you have a invalid dkim signing, fix that
Nothing to fix on my side.
> note you on top of that dkim double sign
>
> one is working, one is failing
That's why I put two.
Best
Ale
--
More information about the bind-users
mailing list