On the servers I manage I use the postfix MTA (mail transfer agent). I occasionally find things about it that are not documented. I am adding this post to track those things so I can find them when need them. I hope some others can benefit from my notes.
After setting up CWP (Control Web Panel) I found that users could not send email. It was being rejected due to a duplicate DKIM header. Literally the same, exact DKIM header appearing twice in the headers. CWP uses
Postfix was calling
opendkim twice, both before and after the
Amavis anti-virus scan. The fix was a modification to
master.cf to skip the
milters call (where
opendkim lives) after the
127.0.0.1:10025 inet n - y - - smtpd -o smtpd_milters=
-o smtpd_milters= entry in the
127.0.0.1:10025 inet n - y - - smtpd block of the
master.cf configuration file and the duplicate DKIM headers go away.
I found this solution via this StackExchange post: https://serverfault.com/questions/475416/is-there-a-reason-why-dkim-signs-every-mail-twice
[…] based on the options you selected. Any local customizations, such as setting a relayhost or updating master.cf so you don’t get duplicate DKIM headers will be lost when you click the Rebuild Mail Server button, so keep a good log of local changes or […]