Dkim+opendmarc in messages from mailing list

Hi!
I'm using postfix/dkimpy/opendmarc in my local setup (OK, it's not the ipfire).
When I checked the log files I got some DKIM failures from ipfire.org, so I investigated a little and I saw that most of the messages are OK, but only from one person it's mostly not OK.
So I have two questions:

  1. Why does the verification fail only sometimes?
  2. Why is it not rejected by my opendmarc (dmarc says “pass”), because your DNS entry says “reject”?

Here is the header part of an email:

    Authentication-Results: smtp.hoerst.net; dkim=fail (Bad 256 bit ed25519-sha256 signature.) header.d=ipfire.org header.a=ed25519-sha256;
    dkim=fail (Bad 2048 bit rsa-sha256 signature.) header.d=ipfire.org
    header.a=rsa-sha256
    Authentication-Results: OpenDMARC; dmarc=pass (p=reject dis=none) header.from=ipfire.org

Ciao Gerd
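
An added triage example, not part of any post in this thread: under RFC 7489 a DMARC pass needs an aligned SPF pass or an aligned DKIM pass, so this parses Authentication-Results values like the ones quoted above and reports which identifier, if any, accounts for a recorded `dmarc=pass`. The function names, the `QUOTED` sample and the simplified alignment rule are assumptions made for this illustration.

```python
import re

# Constructed sample: the two header fields quoted in the post, unfolded.
QUOTED = [
    "smtp.hoerst.net; dkim=fail (Bad 256 bit ed25519-sha256 signature.) "
    "header.d=ipfire.org header.a=ed25519-sha256; "
    "dkim=fail (Bad 2048 bit rsa-sha256 signature.) header.d=ipfire.org "
    "header.a=rsa-sha256",
    "OpenDMARC; dmarc=pass (p=reject dis=none) header.from=ipfire.org",
]

COMMENT = re.compile(r"\([^()]*\)")          # RFC 5322 comment, not nested
RESULT = re.compile(r"(dkim|spf|dmarc)\s*=\s*(\w+)", re.I)
PROP = re.compile(r"([a-z]+\.[a-z-]+)=(\S+)", re.I)


def parse_authres(value):
    """Return (authserv_id, [result dicts]) for one Authentication-Results value."""
    authserv_id, _, rest = COMMENT.sub(" ", value).partition(";")
    results = []
    for chunk in rest.split(";"):
        m = RESULT.match(chunk.strip())
        if m:
            props = {k.lower(): v.lower() for k, v in PROP.findall(chunk)}
            results.append({"method": m.group(1).lower(),
                            "result": m.group(2).lower(), **props})
    return authserv_id.strip(), results


def aligned(a, b):
    # Simplified relaxed alignment: equal, or one is a subdomain of the other.
    # A real check compares organizational domains via the Public Suffix List.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def triage(header_values):
    """Say which identifier, if any, accounts for the recorded DMARC verdict."""
    res = [r for v in header_values for r in parse_authres(v)[1]]
    dmarc = next((r for r in res if r["method"] == "dmarc"), None)
    if dmarc is None or dmarc["result"] != "pass":
        return "no-dmarc-pass"
    frm = dmarc.get("header.from", "")
    for r in (r for r in res if r["result"] == "pass"):
        ident = {"dkim": r.get("header.d", ""),
                 "spf": r.get("smtp.mailfrom", "").rpartition("@")[2]}.get(r["method"], "")
        if aligned(ident, frm):
            return "pass-via-" + r["method"]
    return "pass-unexplained-by-headers"
```

For the quoted headers `triage(QUOTED)` returns `pass-unexplained-by-headers`: both DKIM signatures failed and no SPF result is recorded in them, so the SPF verdict and envelope sender in the receiving server's logs are the next thing to compare.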

If you are having problems with mail from the ipfire.org mail servers then your best bet is to check what is on the Postmaster wiki page and if that does not address your problem contact the ipfire Postmaster as per the email address on that page.

https://wiki.ipfire.org/postmaster

2 Likes

Hi

I could also contact you :slight_smile: because only some of your mails have this behaviour :slight_smile:

Ciao Gerd

Yes you could but I still won’t be able to help you.

I send my ipfire emails via my Thunderbird client in text mode only. Thunderbird doesn’t do anything with DKIM.

Thunderbird sends my ipfire.org emails to the ipfire smtp server.

I also send my patch submission emails using git send-email to the same ipfire smtp mail server.
git send-email has nothing set up for DKIM in its configuration.

Presumably the ipfire mail server must then do some checking or adding of dkim or whatever the process is before it sends out the emails to the ipfire mailing list.

So I still think that your best bet is to contact the person in IPFire that is dealing with the mail server to find out what is peculiar with the emails that I am sending to the ipfire mail server that causes them to be marked in that way but not rejected by the ipfire mail server.

The mails that have the behaviour you are describing: are those the mails with patch submissions, or the non-patch-based emails, or is it a mixture or some subset of both types of email communications that I send?

1 Like

@pmueller?

Hi!

What is interesting here is that 1 time the DKIM signature of Adolf was OK and the second time both failed…

mail1
mail3
mail2

Ciao Gerd