>>> From cli it is a different ip. Just add a relay via dkim to the >>> line in question then and see if that works. >>> >> So it is but why makes that difference considering the directives - >> particularly the [ any ] part should cover any (as in 172.25.120.2 for >> instance), or should it not? >> >> accept tagged DKIM for any relay >> accept for any relay via smtp://127.0.0.1:10027 > > The default "from" for accept is "from local", which means only > local/authenticated messages were relayed to DKIM. > > I suspect 172.25.120.2 was sending without authentication? > > from [ !] > local > The rule matches only locally originating > connections. > This is the default, > and may be omitted.
172.25.120.2 gets authenticated by encrypted password over (START)TLS. I would not permit any client for sending messages without authentication first. I do comprehend what you are saying just: [ accept for any relay via smtp://127.0.0.1:10027 ] -> [ for any ] and omitting [ from ] in my logic would expand that source does not matter and the directive applies to any (unconditional) relay. Is my logic thus twisted? -> in the sequential order of directives/rules it comes prior the following and thus my understanding is that it should be processed prior those trailing. Again a miscomprehension on my part? [ accept from local for any relay ] [ accept from source 172.25.120.2 for any relay ]
