On 27 Jun 2016, at 20:17, Paul R. Ganci wrote:
I notice that postfix generates bounce messages that without going through some effort do not get DKIM signed. I have setup my incoming gateway server so that messages to my email subscribers are bounced using a local_recipient_map. However I received a report from linkedin.com because a Linked-In subscriber sent a message to an email address of a non-existent local user.
In which case your Postfix should not be the entity creating the bounce message. Postfix answers a SMTP RCPT command to a non-existent address with a 550 reply and the sending MTA goes away to compose the actual bounce message itself.
If that's not what is happening, you have a backscatter-generating misconfiguration (which seems unlikely.)
Linked-In flagged the Mailer-Daemon bounce message. It seems to me even if the message was DKIM signed the fact that the Return-Path header is <>
Return-Path is a header added to a message in final delivery by some systems which contains the SMTP envelope sender address, it is NOT a header that DKIM applies to. DKIM applies to the "From:" header.
would still cause a mismatch that should not pass the DMARC requirements. I was wondering how others handle this problem or is it really just a misconfigured Linked-In server? It is ironic that a bounce message resulting from a message to a non-existent address sent from linkedin.com would generate a DMARC fail by linkedin.com.
This seems like a non-problem, or perhaps a LinkedIn problem.
