Rob McEwen skrev den 2023-02-26 19:45:
Benny,
All I know for sure is this - for MANY legit emails - DKIM fails some
days later - when it had originally worked/validated at the time the
message was sent.
when i begined dkim signing i did that tought why would it be valid
after delivery, could it be good to only be valid until recipient
forwarder have recieved it ?, into days senario could harden arc more to
be used in forwards that on it self breaks dkim
postfix have queue life time 5d, so make dkim valid for 6 days ? :)
since then i do not expire this anymore
I see this often in the real world when I rescan a
message to try to verify the impact on a message that a spam filtering
change caused - then notice that a very legit email that original
passed DKIM at the time the message was received - now suddenly fails
DKIM during this days-later rescan - and without ANY changes to the
message itself.
why rescan ?
add reuse foo into local.cf for spamassassin so it not retesting dkim
I think that this is most likely caused by DNS records
for that DKIM being changed/updated. But whatever the cause, this is
STILL a reality that's worth noting, for anyone who is rescanning
messages later.
correct, how to solve that world on steriods ? :)
