wietse:
Do you have a so-called security appliance in the path? Many have
a history of tampering with email.
Do you have other anti-spam software in the path that modifies
mail headers such as X-Spam:?
To be complete: there is an easy way to invalidate DKIM-Signatures:
don't announce SMTP extension 8BITMIME ...
That way the sender must recode this destroy the signature. Most MTA
do that recode just before transmission. So it's likely to occur /after/
signing the message.
I tried to enhance postfix with a function like "smtp_tls_note_starttls_offer"
But I fail :-/
Idea:
smtp_note_content_recode (default: no)
Log the hostname of a remote SMTP server that does not offer 8BITMIME,
and the content must be recoded.
That way an administrator could at least notice if the well formated
and signed messages
must be recoded to be sent to a remote host.
Andreas
