On 9.05.2025 at 16:18:35, Matus UHLAR - fantomas via Postfix-users wrote:
> I use pyspf-milter which is from the same package I believe (python,
> there's also perl version policyd-spf) and it only accepts/rejects
> e-mail and adds Authentication-Results: header.

That may be the key. Check if mails that are failing DKIM:
- already contain "Authentication-Results:" header before being processed
  by pyspf-milter, and that header is DKIM signed
or
- don't contain "Authentication-Results:" header, and it is oversigned.

In both cases, DKIM verification will fail, because you changed part of
message that is DKIM signed.

> Question: aren't those mails failing DKIM from mailing lists?
> Because that is quite often case where DKIM does not pass.

That may be a completely different issue. If the mailing list server changes
anything in the headers or body of the message, and does not sign the
message again with its own key, DKIM will fail.

Also, it is possible that the mail contains two signatures, one (the
original) that fails, and another one (added by mailing list server) that
passes, but your milter interprets this incorrectly and seeing the first
failed signature, indicates the overall result as DKIM failure.

--
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
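
One way to run the check described in the message above, as an added example (not part of the original message and not code from pyspf-milter): it reads a message as it arrived, before the local milter touched it, and reports for each DKIM-Signature whether Authentication-Results is signed, oversigned or not covered by h=. The function names and the sample message are constructed for illustration.

```python
import email
import re
from collections import Counter

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def header_coverage(raw_message, header="Authentication-Results"):
    """Report, per DKIM-Signature, how `header` is covered by its h= tag."""
    msg = email.message_from_string(raw_message)
    present = len(msg.get_all(header, []))  # instances already in the message
    report = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        names = Counter(n.lower() for n in tags.get("h", "").split(":"))
        listed = names[header.lower()]
        if listed > present:
            status = "oversigned"   # h= names more instances than exist
        elif listed:
            status = "signed"       # an existing instance is covered
        else:
            status = "not covered"  # this signature ignores the header
        report.append({"d": tags.get("d"), "s": tags.get("s"), "status": status})
    return report

# Constructed sample: three signatures over a message with one existing header.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=k1;
\th=from:subject:authentication-results:authentication-results;
\tbh=AAAA=; b=BBBB=
DKIM-Signature: v=1; a=rsa-sha256; d=list.example; s=ml;
\th=from:subject:authentication-results; bh=AAAA=; b=CCCC=
DKIM-Signature: v=1; a=rsa-sha256; d=other.example; s=x;
\th=from:subject; bh=AAAA=; b=DDDD=
Authentication-Results: mx.upstream.example; spf=pass
From: a@sender.example
Subject: test

body
"""

if __name__ == "__main__":
    for row in header_coverage(SAMPLE):
        print(row)
```

Listing every signature with its d= domain also shows when a message carries both an original and a mailing-list signature, so each result can be judged separately.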