When you say “fail” do you mean the mail is being rejected? Or just that one signature is failing to verify with DKIM?
laura > On 26 Aug 2022, at 10:32, Stefan Bauer via mailop <mailop@mailop.org> wrote: > > Hi folks, > > are 2 DKIM-signatures in a mail with different s= but for same d= a problem > in general? > > According to RFC 6376 4.2 i would say no, the receiver should check both > signatures and not perm fail on the first, however we see some trouble with > some recipients: > > Log from receivers: > > 2022-08-22T06:35:38+02:00 S2VG300MR01 MTA[10124]: 2022-08-22 06:35:38 [10124] > 1oPzA2-0002dI-Qd acl_check_dkim: fail domain.tld domain.tld > 2022-08-22T06:35:38+02:00 S2VG300MR01 MTA[10124]: 2022-08-22 06:35:38 [10124] > 1oPzA2-0002dI-Qd DKIM: d=domain.tld s=18022801 c=relaxed/relaxed a=rsa-sha256 > b=2048 t=1661142932 [verification failed - signature did not verify (headers > probably modified in transit)] > > We have 2 mail worlds, that send mail for same domain. Sometimes, a mail from > world 1, enters world 2, gets processed and send to third party. This way, > the mail has 2 signatures. > > Thank you. > > Stefan > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- The Delivery Experts Laura Atkins Word to the Wise la...@wordtothewise.com Email Delivery Blog: http://wordtothewise.com/blog
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop