Use rspamd for DKIM signing, drop OpenDKIM (!374) · Merge requests · simple-nixos-mailserver / nixos-mailserver

OpenDKIM has not been updated in the last 7 years and failed to adopt RFC8463, which introduces Ed25519-SHA256 signatures.

It has thereby held back the DKIM ecosystem, which relies on the DNS system to publish its public keys. The DNS system in turn does not handle large record sizes well, which is why Ed25519 public keys would be preferable, but I'm not sure the ecosystem has caught up, so we stay on the conservative side with RSA for now.

Fixes: #203 (closed) #210 (closed) #279 (closed)
Obsoletes: !162 (closed) !338 (closed)
Supersedes: !246 (closed)

Edited May 05, 2025 by Martin Weinelt

Use rspamd for DKIM signing, drop OpenDKIM

Merge request reports