J Doe:
> Hello,
>
> I have a question regarding DKIM signing on Postfix bounce back messages.
>
> I was tuning my Dovecot installation around quotas. I sent a test message
> from Hotmail to a test account on my server to test generation of a bounce
> back when a user exceeds their quota. The message was successfully generated
> and then relayed via Postfix back to the Hotmail account, but I noticed the
> bounce back message went into the Hotmail junk folder.
>
> Inspecting the message I saw that I was not DKIM signing messages generated
> by Postfix or via sendmail. I changed my Postfix config to include:
>
> /etc/postfix/main.cf
> internal_mail_filter_classes = bounce
> non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
That's similar to what I have.
> Generating a new test message confirmed that bounce back messages are now
> DKIM signed . . . BUT I noticed this line in: man 5 postconf
>
> internal_mail_filter_classes
> NOTE: It's generally not safe to enable content inspection of
> Postfix-generated email messages.
This depends on what the mail inspecting software does. If it creates
more email, then the worst-case result would be an email explosion.
Otherwise, the worst-case result would be an email loop.
Wietse
> My question is - will enabling DKIM on bounce back messages cause me problems
> or is that warning more for content filters that attempt to mangle/modify the
> bounce back messages ?
>
> Thanks,
>
> - J
>
>
