Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM issue with ed25519 selector

One of our customers is encountering the following DKIM issue. Emails from two suppliers are consistently being quarantined due to DKIM verification. The selectors are as follows:

s=strato-dkim-0003 c=relaxed/relaxed a=ed25519-sha256 b=512
s=strato-dkim-0002 c=relaxed/relaxed a=rsa-sha256 b=2048

On the selector "strato-dkim-0003," the XG firewall reports a "fail," and the email is quarantined (presumably because of the message: "Sophos Firewall quarantines DKIM-signed emails that use RSA SHA-1 or have key length less than 1024 or more than 2048 bits.").

However, shouldn't the XG firewall fall back to the "strato-dkim-0002" selector, which is accepted?

The customer is experiencing this issue with two suppliers who both use the same provider. For now, I have implemented a workaround by excluding the mail servers of the provider from DKIM checks, but I don't consider this a proper solution.

The version is: XG310 (SFOS 19.5.3 MR-3-Build652)

This thread was automatically locked due to age.