On Sat, Dec 20, 2025 at 11:54:26PM +0100, Thomas Barth via users wrote: > There is indeed a limit in /etc/amavis/conf.d/20-debian_default: > $sa_mail_body_size_limit = 200*1024; > > If this limit is the reason, then SA should ignore DKIM and DMARC scoring.
Well, the message is fed to SA by amavis. SA doesn't *know* whether the amavis (or whatever else) has intentionally modified (truncated) the mail before it was given to it. Thus, if anything, it should be amavis job to either not truncate DKIM-signed emails, or if it does, that it instruct SA to skip (or alter) its DKIM checks somehow (e.g. by adding a header you can check on?) You can request that feature (/bug, depending on your POV) at amavis issue tracker. Or, you can just increase $sa_mail_body_size_limit until it stops being the problem for you. (Neither option is really related to the SA itself) > But the body wasn't even part of the signature: I believe body has its own hash, see 'tag bh' in your output. 'tag h' is only about (list of) headers, not body. See https://dkimcore.org/specification.html for details > saved email at the end. My DKIM checker already confirmed in another mail > that adding a "Delivered-to" and "Received" row to the header doesnt break > the signature. Of course it doesn't break the signature. Only modifying the body, or one of the headers specified in `h=` (or their order) would break the signature. -- Opinions above are GNU-copylefted.
