I have my Debian (7.9 "wheezy") e-mail server (Postfix 2.9.6-2) set up to sign and verify DKIM signatures in e-mail messages using OpenDKIM (version 2.6.8-4).

When I send myself an e-mail from my GMail account, I get the following result in the header of the e-mail:

```
Authentication-Results: mydomain.com; dkim=fail
    reason="verification failed; insecure key"
    header.d=googlemail.com header.i=@googlemail.com header.b=eKjydWve;
    dkim-adsp=none (insecure policy); dkim-atps=neutral
```

After researching for a while, I figured out that this is most likely due to the lack of DNSSEC on my server. Is there a simple way to work around this, or is the only solution that I set up a local DNS server on it? And how does OpenDKIM know if I use DNSSEC, and can I just use 8.8.8.8 since it verifies DNSSEC?

Edit: Just to clarify, my version of OpenDKIM should be compiled with libunbound since it is a dependency in the Debian package manager.

comfreak
  • Give us the domain so we can take a look. Chances are you're using a 512, 1024, or 2048 bit key. I believe Google wants 4096 bits as a min now. – ceejayoz Oct 14 '15 at 15:56
  • @ceejayoz I use a 2048-bit key for sure. But this is actually e-mail from GMail to my domain, which means these are the results of my server checking GMail's signatures. Edit: The rest of the Authentication-Results actually says: `header.d=googlemail.com header.i=@googlemail.com header.b=eKjydWve; dkim-adsp=none (insecure policy); dkim-atps=neutral` – comfreak Oct 17 '15 at 19:50

0 Answers