Hello!
I noticed my system messages fail DKIM due to "signature verification
failed" and also when I send from a local user to a local user.
In /etc/mail/aliases I have:
root: [email protected]
This is the command I use to fail DKIM:
$ mail root
This is the command I use to pass DKIM:
$ mail [email protected]
The only difference I can see in the received message headers is
different To:
Failed DKIM:
To: [email protected]
Passed DKIM:
To: [email protected]
And when running with the dkimsign -z option, I can see in the z=:
Failed DKIM:
To:=20root
Passed DKIM:
To:[email protected]
I have the following rules in /etc/mail/smtpd.conf
(non-applicable configurations redacted for brevity):
table aliases file:/etc/mail/aliases
filter "dkimsign_local_rsa" proc-exec "filter-dkimsign -z \
-d hostname.example.com -s 10172021 \
-k /etc/mail/dkim/10172021.rsa.key" user _dkimsign group _dkimsign
listen on socket filter "dkimsign_local_rsa"
listen on lo0 filter "dkimsign_local_rsa"
action "local_mail" mbox alias <aliases>
match for local action "local_mail"
I'm sure I have some basic lack of understanding of smtpd.conf,
because it seems like the signature is being added before the alias is
expanded (if that is correct term). In going through smtpd.conf(5), I
can't
figure out how to correct this.
Thank you very much.
Paul
