Increase default DKIM key bits to 2048

This is the current recommendation in RFC 8301 from early 2018.

Fixes: #333
Martin Weinelt 2025-08-22 22:27:46 +02:00
parent 57d9624c71
commit 2204f55329
GPG key ID: 87C1E9888F856759
2 changed files with 8 additions and 2 deletions

@ -7,9 +7,15 @@ NixOS 25.11
- The ``systemName`` and ``systemDomain`` options have been introduced to have
reusable configurations for automated reports (DMARC, TLSRPT). They come with
reasonable defaults, but it is suggested to check and change them as needed.
- The default key length for new DKIM RSA keys was increased to 2048 bits as
recommended in `RFC 8301 3.2`_.
We recommend rotating existing keys, as the RFC advises that signatures from
1024 bit keys should not be considered valid any longer.
- DMARC reports are now sent with the ``noreply-dmarc`` localpart from the
system domain.
.. _RFC 8301 3.2: https://www.rfc-editor.org/rfc/rfc8301#section-3.2
NixOS 25.05
-----------
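
Review bot: The rotation sentence in the 25.11 entry ("the RFC advises that signatures from 1024 bit keys should not be considered valid any longer") states more than RFC 8301 section 3.2 does. That section requires signers to use RSA keys of at least 1024 bits, says they SHOULD use at least 2048 bits, and tells verifiers to reject only signatures from keys shorter than 1024 bits. Suggest rewording along the lines of "We recommend rotating existing 1024 bit keys, as the RFC advises signers to use keys of at least 2048 bits". Since the entry says the new default covers "new DKIM RSA keys", it would also help to state explicitly that existing keys are left unchanged until the operator rotates them and publishes the new public key in DNS.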