I've installed opendkim with postfix on Debian Wheezy. Outgoing mail is getting DKIM signatures. The smtpd and non-smtpd milter spec is the same.
Incoming mail seems not to be verified – in a mail client there is no Authentication-Results header. I've added "AlwaysAddARHeader yes" to the opendkim config, but no difference.
In the mail log, on receipt of a message, among all the various entries there are two by opendkim. The first identifies the server and adds "not internal" (which seems reasonable when it is Google). The second just says "not authenticated". But I can't see any reason why it's not authenticated! Where can I look for the solution?
Best Answer
It looks like
,no_milters
option in content filter destination prevents running milter twice - before and after content filter.You could remove
,no_milters
option. The result is as follows:Should you get back
,no_milters
option, opendkim can still sign emails, but loses the ability to verify them. Little tinkering with amavis showed that amavis uses the same id as opendkim does, which is not a surprise because of standards they both obey. Given that amavis replaces header opendkim added after verification (in fact it still does verify messages) with empty one so it looks like opendkim does not verify messages.So, there are 2 ways of preventing this header from disappearing:
I could not find any way to prevent milter running before amavis so as to allow it run after. However you can prevent amavis rewriting that header by redefining
$myauthservid = "amavis.local";
near the end of 50-user config file. At least that's how I solved this for myself.