Sebastian Nielsen:
> its not DKIM that fails. Its S/MIME.
Does not matter (S/Mime signs body parts so there are no header issues).
> But how can I retain a copy of message before milter? Could then remove the
> hashcash milter and DKIM milter (since those does not change that -b does
> succeed validation and no -b does fail validation) and send a test mail.
You need a copy of the signed mail, before and after transmission
to a system where it fails to verify. One way to get the before-
transmission copy is to use a virtual alias (or always_bcc, or
sender/recipient_bcc_maps) that delivers a local copy. Or you grab
it with a network sniffer as it is being sent to a remote system.
If that copy still verifies correctly, the message is modified
elsewhere.
Wietse
