Re: Sendmail and DKIM for bounce messages?

Claus Aßmann wrote:

Otto J. Makela wrote:

Apparently, the setup I currently have does not DKIM sign messages
where the sender is the classic email bounce empty sender <>

>
If you use a milter to create DKIM signatures then you have to send
your bounces via a sendmail process that runs that milter.

Indeed. I currently just have

INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@127.0.0.1')dnl

in my sendmail.mc to milter stuff through the locally running opendkim,
and clearly this does not get invoked when generating bounces.

Does anyone know how I am supposed to invoke opendkim to make a
signature in the case of bounces, where the mail message fields do
not make it immediately obvious what domain should be used?

Apparently, this is possible (but disabled by default) on Postfix:
https://www.postfix.org/MILTER_README.html

This means that messages will languish in the mail queue for days if
the client's email systems (typically M365, Google or some such large
email handler) will not accept them, and then cause double bounces.

>
Isn't that a nice sh!tty requirement made up by the biggest spam
sources? Isn't just SPF enough to fullfill their random (and useless)
requirements?

Made a longer followup to another thread here, but apparently using an
IPv6 interface (as default like Linux is prone to do) somehow makes a
difference for them.

I've even considered hard-wiring these mail recepients to only use IPv4,
but of course doing this is painful since M365 keeps shifting around so
much.

--
   /* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 01001111 01001011 * * * * * * */