(github.com)

443 points miles | 5 comments | 17 Jun 24 17:35 UTC | HN request time: 0.495s | source

1. nubinetwork ◴[18 Jun 24 04:03 UTC] No.40713959[source]▶

These kinds of articles pop up on HN all the time...

Give me a mail server that can use LE for certificates and I'll gladly give DKIM and DMARC a try...

replies(2): >>40714053 #>>40714150 #

2. yubiox ◴[18 Jun 24 04:23 UTC] No.40714053[source]▶

>>40713959 (TP) #

Sendmail

replies(1): >>40714082 #

3. nubinetwork ◴[18 Jun 24 04:29 UTC] No.40714082[source]▶

>>40714053 #

I can't believe sendmail still exists... worst configuration format ever.

4. inejge ◴[18 Jun 24 04:44 UTC] No.40714150[source]▶

>>40713959 (TP) #

You don't need public certificates for DKIM, it uses privately generated ones for as long as you want to keep them. (A security researcher recently found quite a few domains using weak DKIM keys generated by buggy Debian OpenSSL, more than fifteen years ago.)

replies(1): >>40714289 #

5. nubinetwork ◴[18 Jun 24 05:20 UTC] No.40714289[source]▶

>>40714150 #

I could swear at one point you needed one, but I just half-setup opendkim and it generated one without me needing to make one by hand... when I get around to updating the DNS on my personal domains, I guess I'll see how things turn out.

↑

Understanding SPF, DKIM, and DMARC: A Simple Guide