On the servers I manage I use the postfix MTA (mail transfer agent). I occasionally find things about it that are not documented. I am adding this post to track those things so I can find them when need them. I hope some others can benefit from my notes.
DKIM
After setting up CWP (Control Web Panel) I found that users could not send email. It was being rejected due to a duplicate DKIM header. Literally the same, exact DKIM header appearing twice in the headers. CWP uses postfix with opendkim. Postfix was calling opendkim twice, both before and after the Amavis anti-virus scan. The fix was a modification to master.cf to skip the milters call (where opendkim lives) after the Amavis call.
127.0.0.1:10025 inet n - y - - smtpd -o smtpd_milters=
Add the -o smtpd_milters= entry in the 127.0.0.1:10025 inet n - y - - smtpd block of the master.cf configuration file and the duplicate DKIM headers go away.
I found this solution via this StackExchange post: https://serverfault.com/questions/475416/is-there-a-reason-why-dkim-signs-every-mail-twice
1 Response
[…] based on the options you selected. Any local customizations, such as setting a relayhost or updating master.cf so you don’t get duplicate DKIM headers will be lost when you click the Rebuild Mail Server button, so keep a good log of local changes or […]