Whenever you are sending mail to an external host that will in the end resend it back to you (a common use case being mailing-lists or any kind of redirections), opendkim will generate a somehow false permerror "verification error: multiple keys found".
In fact what happens is that while the mail is sent and signed successfully, when it returns back to you, opendkim will see that as an illegal attempt at getting the mail signed (while it has already been signed) and generate a 'external host other.server.example.net attempted to send as opendkim.enabled.example.net' log warning. Furthermore, it will mark the message as non-Authenticated (while it is).
You can obviously override this behaviour using ExternalIgnoreHost, but that requires that it contains any kind of mailing list you may be sending to...
Expected behaviour would be to implicitly trust an already signed mail and to set Authentication-Results to pass with no error in the log.
Log in to post a comment.