I've looked online for solutions to this problem (including postfix and sendmail documentation) but with no luck so far.
I've been running a Postfix mail server for several years (currently Linux Mint 18.1 (Ubuntu 16.4) with postfix 3.1.0) and implemented SPF, DKIM and DMARC a few years ago. All works well for about two dozen domains. I also have a Windows web server which sends out mail from web forms via the mail server (using a local mail sender client) to the domains hosted on the mail server through port 25. This has also worked well for many years and achieves passes for SPF, DKIM and DMARC. I have a second, recentlly set up web server - Apache 2.4.18 - on the same VPS as the mail server. It's form mail is sent using php's mail() which sends via "/usr/sbin/sendmail -t -i". This does not, by default, DKIM sign, although remote recipients pass SPF and DMARC. In order to get DKIM authentication I have removed the no_milters option from master.cf's receive_override_options. This, of course, adds a second DKIM signature to each email from Windows forms and general mail. What changes to main/master do I need to make in order to DKIM sign all mail once only, preferably before spamassassin? master.cf extract... pickup fifo n - n 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks # ,no_milters smtp inet n - n - - smtpd -o content_filter=spamfilter main.cf extract... inet_interfaces = all milter_default_action = accept milter_protocol = 6 # list of: clamav, dkim, dmarc smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl,local:/var/run/opendkim/opendkim.sock,inet:localhost:8893 non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock,inet:localhost:8893 -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
