We are running domainkeys milter 1.0.2 and in the past two month we had three separate reports of emails sent from IronPort appliances being rejected due to BAD domainkeys signature.
Tests performed so far are as follows.
- Checked senders DNS records and all appear to be OK
- Asked senders to send to non-sendmail domainkeys verifiers and all tests are OK.
- Asked senders to send to email@example.com and all tests fail with a message "bad signature"
- All senders confirmed to be using IronPort appliances
- Ironport can successfully verify sendmail domainkeys signature
- Asked senders to log a call with Ironport but so far no resolution have been found, in fact IronPort support blames sendmail filter as all other verifiers do not have this problem
At this stage it appears to be a very specific problem between IronPort and Sendmail domainkeys implementation.
Any help in this matter would be greatly appreciated.