On 14.1.2020 15.38, Alex Woick wrote:
Spamassassin (3.4.3, the same with previous) declares all or almost
all the incoming DKIM-signed messages as DKIM_INVALID, and I'm not
understanding why.
I'm running opendkim on the mail server as milter with Postfix, and
the opendkim headers say the same dkim signatures are all valid.
Example headers of some mail from this list.
Opendkim says ok:
Authentication-Results: mail.wombaz.de;
dkim=pass (2048-bit key) header.d=linkcheck.co.ukheader.i=@linkcheck.co.uk
header.b="PXrrNHdB"
But Spamassassin says it's invalid:
X-Spam-Status: No, score=-15.5 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS,TXREP,
USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.3
I had the same problem on my mail server, while the server only 1 Gb and
was an old box. I swapped it to a 4 Gb box and installed OS and SA and
all as new install.
Magically the problem went away.
One more thing: I got DKIM_VALID & DKIM_VALID_AU allright for a day
after reboot, but it the started to be DKIM_INVALID. I set the mail
server to reboot once a day and it worked. But current system works fine
without any artificial reboots.
Go figure.