Thank you Dominic, I think I am starting to confuse the 2 sides of the coin and wanted clarification.
If I setup DKIM, it is to be used by whom ? Is it for anyone including my own domain, when an @uconn.edu email is received, it is to be checked ? A. Does my DKIM entry in DNS help with sending from x...@example.com<mailto:x...@example.com> to x...@uconn.edu<mailto:x...@uconn.edu> ? B. Does my DKIM entry in DNS help with sending from x...@uconn.edu<mailto:x...@uconn.edu> to x...@example.com<mailto:x...@example.com>? C. Does my DKIM entry in DNS help with sending from x...@uconn.edu<mailto:x...@uconn.edu> to y...@uconn.edu<mailto:y...@uconn.edu> ? In “C” I am thinking emails from staff to student and vice versa. Staff on O365 and students on Google Apps. Both cloud solutions. Student to staff would go google -> to my MX record which is spam appliance -> postfix box -> O365 servers Staff to Student would go O365 -> to my MX record which is spam appliance -> postfix box -> Google servers Thanks to anyone willing to go down the rabbit hole here…. -ALF -Angelo Fazzina Operating Systems Programmer / Analyst University of Connecticut, UITS, SSG, Server Systems 860-486-9075 From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Dominic Raferd Sent: Wednesday, March 29, 2017 3:56 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: need little help with DKIM, if possible. On 29 March 2017 at 20:36, Fazzina, Angelo <angelo.fazz...@uconn.edu<mailto:angelo.fazz...@uconn.edu>> wrote: Thank you Doug, I fixed the name so the unsupported character "_" is not used. Please review my latest test, as I have a question. Is there anything in the DKIM config files I can change to get rid of this message ? Authentication-Results: verifier.port25.com<http://verifier.port25.com>; dkim=pass (signature verifies; identity doesn't match any headers) header.d=mta4.uits.uconn.edu<http://mta4.uits.uconn.edu> Am I supposed to get the headers to match ? DKIM check details: Result: pass (signature verifies; identity doesn't match any headers) ID(s) verified: header.d=mta4.uits.uconn.edu<http://mta4.uits.uconn.edu> Canonicalized Headers: to:check-a...@verifier.port25.com<mailto:to%3acheck-a...@verifier.port25.com>'0D''0A' from:"Fazzina,'20'Angelo"'20'< <mailto:alf02...@appmail.uconn.edu> alf02013@<mailto:alf02...@appmail.uconn.edu> <mailto:alf02...@appmail.uconn.edu> appmail.uconn.edu<mailto:alf02...@appmail.uconn.edu>>'0D''0A' date:Wed,'20'29'20'Mar'20'2017'20'15:29:26'20'-0400'0D''0A' dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd= <http://mta4.uits.uconn.edu> mta4.uits.uconn.edu<http://mta4.uits.uconn.edu>;'20's=dkim1;'20't=1490815766;'20'bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;'20'h=To:From:Date:From;'20'b= The problem I think is that you have set up a dkim record for emails from domain <http://mta4.uits.uconn.edu/> <http://mta4.uits.uconn.edu/> mta4.uits.uconn.edu<http://mta4.uits.uconn.edu/> but you are sending an email from <mailto:alf02...@appmail.uconn.edu> <mailto:alf02...@appmail.uconn.edu> appmail.uconn.edu<mailto:alf02...@appmail.uconn.edu> (i.e. the internal 'From:' header is set to <mailto:alf02...@appmail.uconn.edu> alf02013@<mailto:alf02...@appmail.uconn.edu> <mailto:alf02...@appmail.uconn.edu> appmail.uconn.edu<mailto:alf02...@appmail.uconn.edu>). Hence the report that the dkim identity ('d=') doesn't match any headers.