I received an email sent via HubSpot. It has two DKIM signatures. Postfix
shows this:
Authentication-Results: DOMAIN1;
    dkim=pass (2048-bit key; secure) header.d=DOMAIN2 header.i=@DOMAIN2
    header.a=rsa-sha256 header.s=hs1 header.b=IrJ0eBW4;
    dkim=pass (2048-bit key; unprotected) header.d=DOMAIN3
    header.i=@DOMAIN3 header.a=rsa-sha256 header.s=hs1 header.b=TW8kchP4;
    dkim-atps=neutral
Why does the second line show "unprotected"? I have read in another post on
this mailing list that it might be DNSSEC that is missing, but as far as I can
tell that is not true:
dig +dnssec hs1._domainkey.DOMAIN3
;; ANSWER SECTION:
hs1._domainkey.DOMAIN3. 3453 IN CNAME MASKED.hs01a.dkim.hubspotemail.net.
hs1._domainkey.DOMAIN3. 3453 IN RRSIG CNAME 8 4 3600 20250329001349
    20250307001349 5263 DOMAIN3.
    Q0P4wEMGtLucFFPKSlrbvkofzV0r5yslBHdU6kkF0MOIpoqEBs7+r67N
    ZBAcH5lbjdhyJyRukw4VCt44UFn25tou4iHTHHKtd6zlJdwRoQxZO9SD
    j1vanK/6Zt0rYf4nlGzNQfuV3e+SegZQwz7wot7EU2Xf+q2Cjuj7cGvR t4g=
So the "hs1" selector does have DNSSEC on the DNS server for domain DOMAIN3, to
which the second dkim=pass line points. What am I misunderstanding?
- Waldo
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
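
Added example, not part of the original post: a small parser that pulls each dkim= result out of an Authentication-Results header like the one quoted above and lists the DKIM key record names whose result comment is not marked "secure", so each can be checked with dig as the poster did. The function names are hypothetical, and reading the last field of the parenthesised comment as the verifier's key-lookup note is an assumption based on the layout shown in the post.

```python
import re

# The header quoted in the post, with the poster's DOMAIN1..DOMAIN3 placeholders.
SAMPLE = (
    "Authentication-Results: DOMAIN1;\n"
    "    dkim=pass (2048-bit key; secure) header.d=DOMAIN2 header.i=@DOMAIN2\n"
    "    header.a=rsa-sha256 header.s=hs1 header.b=IrJ0eBW4;\n"
    "    dkim=pass (2048-bit key; unprotected) header.d=DOMAIN3\n"
    "    header.i=@DOMAIN3 header.a=rsa-sha256 header.s=hs1 header.b=TW8kchP4;\n"
    "    dkim-atps=neutral\n"
)

# ";" separates results but also occurs inside "(...)" comments, so split only
# on semicolons outside parentheses (nested comments are not handled).
SPLIT = re.compile(r";(?![^()]*\))")
RESINFO = re.compile(
    r"(?P<method>[\w-]+)=(?P<result>\w+)\s*(?:\((?P<comment>[^)]*)\))?(?P<props>.*)",
    re.S,
)

def parse_dkim_results(header):
    """Return one dict per dkim= result found in the header."""
    value = re.sub(r"\r?\n[ \t]+", " ", header.split(":", 1)[1])  # unfold lines
    out = []
    for part in SPLIT.split(value)[1:]:  # element 0 is the authserv-id
        m = RESINFO.match(part.strip())
        if not m or m["method"] != "dkim":
            continue  # skips dkim-atps and other methods
        props = dict(re.findall(r"header\.(\w+)=(\S+)", m["props"]))
        if "d" not in props or "s" not in props:
            continue
        comment = [c.strip() for c in (m["comment"] or "").split(";")]
        out.append({
            "result": m["result"],
            "domain": props["d"],
            "selector": props["s"],
            "note": comment[-1],  # assumption: last comment field is the lookup note
            "key_record": f"{props['s']}._domainkey.{props['d']}",
        })
    return out

def records_not_marked_secure(header):
    """DNS names of DKIM keys whose result comment is not 'secure'."""
    return [r["key_record"] for r in parse_dkim_results(header) if r["note"] != "secure"]

if __name__ == "__main__":
    for name in records_not_marked_secure(SAMPLE):
        print(name)
```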