-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Fri, 2017-05-26 at 18:38 +0300, Vladimir Dubrovin wrote: > In most cases, DKIM check fails because message was improperly > formatted and was normalized by MTA before sending after DKIM > signature is applied.
We changed the mail flow so the path looks like: MUA -> sendmail with SMTP AUTH for outbound relaying -> sendmail w/ opendkim signing -> outbound targets The dkim failures shown on aggregate reports have almost completely disappeared. One or more of the common mail user agents is clearly sending slightly malformed mail, which sendmail is fixing after signing. It would be nice if sendmail had an option to override *all* the fixups, but that could easily cause more problems. In particular, receiving 8BITMIME over ESMTP, but relaying to a mail server that only supports SMTP which needs 8->7 conversion. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlk9asgACgkQL6j7milTFsHZTACePrfsujhz0y3ZG3V8Hi75fM4S 40YAn1BYw7BWx0tYtabl9gB8I1TCNMW0 =KtlT -----END PGP SIGNATURE----- _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop