It would be nice if there was a configuration option to tell OpenDKIM not to add a second signature to a message that already has a valid signature from the same domain.
As a work-around, I added "SetupPolicyScript /etc/opendkim/setup.lua" to /etc/opendkim.conf and put the below in /etc/opendkim/setup.lua. It skips adding a signature if it finds a DKIM v1 signature in a message without any Received headers.
dkim = odkim.get_header(ctx, "DKIM-Signature", 0)
if (dkim ~= nil) and (string.find(dkim, "v=1;") == 1) then
if odkim.get_header(ctx, "Received", 0) == nil then
odkim.set_result(ctx, SMFIS_ACCEPT)
end
end
return nil
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
As a work-around, I added "SetupPolicyScript /etc/opendkim/setup.lua" to /etc/opendkim.conf and put the below in /etc/opendkim/setup.lua. It skips adding a signature if it finds a DKIM v1 signature in a message without any Received headers.
dkim = odkim.get_header(ctx, "DKIM-Signature", 0)
if (dkim ~= nil) and (string.find(dkim, "v=1;") == 1) then
if odkim.get_header(ctx, "Received", 0) == nil then
odkim.set_result(ctx, SMFIS_ACCEPT)
end
end
return nil