Hello,
You don't really have to remove the already existing DKIM signature
headers, just as you do not remove any other headers from the email...
It is normal for a message to have multiple DKIM signature as it hops
between servers that sign it.
According to RFC the message will be verified as long as any of the
signatures is verified. Signatures that may be invalid are actually
ignored in this case.
https://datatracker.ietf.org/doc/html/rfc7489 :
Note that a single email can contain multiple DKIM signatures, and it
is considered to be a DMARC "pass" if any DKIM signature is aligned
and verifies.
It may not be directly relevant to your question, but just clarifying
this...
Regards,
Savvas Karagiannidis
On 21/1/2022 10:35, Miro Igov wrote:
I am absolutely sure that amavis is the only process signing emails.
If i disable amavis from signing $enable_dkim_signing = 0; in my
/etc/amavis/conf.d/50-user config file i get only the original signature before
reaching my mail server.
[email protected] sends [email protected] [email protected]
is set to forward a copy of the email [email protected]
In yahoo message i can see google dkim signature. I want google dkim stripped
because it reports permfail as obviously message is altered in my amavis setup
before forwarded to yahoo.
-----Original Message-----
From: TSHIMANGA Minkoka<[email protected]>
Sent: Friday, January 21, 2022 08:03
To: Miro Igov<[email protected]>;[email protected]
Subject: Re: Remove headers from Amavis
Hello,
You can stop Amavis from DKIM signing emails by setting $enable_dkim_signing =
1; in /etc/amavis/amavis.conf
I think that in your case another process (maybe OpenDKIM) is DKIM signing the
email, so you should stop Amavis doing so to avoid double signing.
Regards,
Tshimanga
