On 2021-04-22 14:15, Matus UHLAR - fantomas wrote:
still, authenticated mail is outgoing mail, not incoming mail, and you
should not expect it to be DKIM-signed, you have to dkim-sign it.
dont dkim sign if mails is not localy smtp auth senders / clients
forwarding mail servers should only ARC seal mails with openARC or
MAIL::DKIM with supports ARC already
but for this to work we all waiting for openDMARC and spamassassin to
verify ARC sealing
see dovecot maillist where it works as an good example on what to do, i
say it again dont dkim sign mails that is not sasl auth on port 465 /
587
please respect ATPS in dkim if still want to do something
t-online.de dkim signs with 3dr party dkim, and thay soon will see loose
on custommers
back to subject, should not hit on NO_RELAYS