Dkim+opendmarc in messages from mailing list

Hi !
im using postfix/dkimpy/opendmarc in my local setup (ok its not the ipfire.
when i checked log files i get some dkim failures from so i investigated a little and i saw that most of the messages are ok but only from one person mostly its not OK
so i have to questions:

  1. why only sometimes the verification fails ?
  2. why its not rejected from my opendmarc (dmarc say “pass”) because your dns entry say “reject”
    here is the header part of an email
    Authentication-Results:; dkim=fail (Bad 256 bited25519-sha256 signature.) header.a=ed25519-sha256;
    dkim=fail (Bad 2048 bit rsa-sha256 signature.)
    Authentication-Results: OpenDMARC; dmarc=pass (p=reject dis=none)

Ciao Gerd

If you are having problems with mail from the mail servers then your best bet is to check what is on the Postmaster wiki page and if that does not address your problem contact the ipfire Postmaster as per the email address on that page.



I also could contac you :slight_smile: because only some of your mails having this behaviour :slight_smile:

Ciao Gerd

Yes you could but I still won’t be able to help you.

I send my ipfire emails via my Thunderbird client in text mode only. Thunderbird doesn’t do anything with DKIM.

Thunderbird sends my emails to the ipfire smtp server.

I also send my patch submission emails using git send-email to the same ipfire smtp mail server.
git send-mail has nothing set up for dkim in its configuration.

Presumably the ipfire mail server must then do some checking or adding of dkim or whatever the process is before it sends out the emails to the ipfire mailing list.

So I still think that your best bet is to contact the person in IPFire that is dealing with the mail server to find out what is peculiar with the emails that I am sending to the ipfire mail server that causes themn to be marked in that way but not rejected by the ipfire mail server.

The mails that have the behaviour you are describing are those the mails with patch submissions or the non patch based emails or is it a mixture or some subset of both types of email communications that I send?

1 Like


hi !

Interesting is here that 1 time the dkim signature of Adolf was ok and second time both failed…


Ciao Gerd