From DKIM's perspective it really makes no sense to validate a
signature generated by yourself.
(How often do you check your own identity card to prove that you are
you?)
Yes, that is true, there is no point in verifying my own signature, but in
the case of virtual domains, if domain1 does not belong to the same user as
domain2, it would be nice if the domain1 signature could be verified.
But I assume your problem is consistent behaviour.
If that is the point, you have to split the mail flows:
* a separate system signing all submitted messages
* a separate system validating any inbound messages.
The current setup that I have has a separate signing machine (relay), so if
domain1 sends mail to domain2, the mail goes from machine1 to the relay (which
signs the mail), and since the domain2 MX record points to machine1, the relay
sends it back and the mail gets verified.
I'm wondering, is it possible to do it on the same machine, so I can exclude
the relay machine whose only purpose is signing?
My goal would be: verification is done in the part of the mail flow that
handles delivery to virtual users, but not in the part that handles sending
mail out to the Internet.
Is it possible, or should I just forget about it and stay with a separate
machine for signing?