I have my Debian (7.9 "wheezy") E-Mail-server (Postfix 2.9.6-2) setup to sign and verify DKIM signatures in e-mail messages using OpenDKIM (version 2.6.8-4).
When I send myself an e-mail from my GMail account, I get the following result in the header of the e-mail:
Authentication-Results: mydomain.com; dkim=fail
reason="verification failed; insecure key"
header.d=googlemail.com [email protected] header.b=eKjydWve;
dkim-adsp=none (insecure policy); dkim-atps=neutral
After researching for a while, I figured out that this is most likely due to lack of DNSsec on my server. Is there a simple way to work around this, or is the only solution, that I set up a local DNS server on it? And how does OpenDKIM know if I use DNSsec and can I just use 8.8.8.8 since it verifies DNSsec?
Edit: Just to clarify, my version of OpenDKIM should be compiled with libunbound since it is a dependency in the Debian package manager.
0 Answers