On 31.07.18 10:11, ѽ҉ᶬḳ℠ wrote:
From cli it is a different ip. Just add a relay via dkim to the
line in question then and see if that works.
So it is but why makes that difference considering the directives -
particularly the [ any ] part should cover any (as in 172.25.120.2 for
instance), or should it not?
accept tagged DKIM for any relay
accept for any relay via smtp://127.0.0.1:10027
The default "from" for accept is "from local", which means only
local/authenticated messages were relayed to DKIM.
I suspect 172.25.120.2 was sending without authentication?
from [ !]
local
The rule matches only locally originating
connections.
This is the default,
and may be omitted.
172.25.120.2 gets authenticated by encrypted password over (START)TLS. I
would not permit any client for sending messages without authentication
first.
listen on eth0 inet4 port 587 smtps hostname mail mask-source tag lan
Either you trimmed this config line or you're missing "auth". Otherwise I
suspect you're running without authentication.