leschandrew

Reputation: 307

Multiple DKIM signatures in message?

I'm checking my postfix setup with mail-server.net. I have SPF, DKIM, and DMARC set up and working. However, mail-server.net is claiming I have 2 DKIM signatures in a single message. How is this possible? Here's what my DNS records look like:

Name    Value    TTL
        v=spf1 mx -all    Default

201705._domainkey v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgk...

_adsp._domainkey dkim=all

_dmarc v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r;fo=1;rf=afrf;rua=mailto:[email protected]

As you can see, I've only included one DKIM signature key in the txt record. I'm using opendkim as the DKIM signer. I've only one key in the key.table record and one entry in the signing.table record. Does anyone have any ideas as to what could be the issue?

Upvotes: 2

Views: 6987

Answers (2)

zarvox

Reputation: 189

My error was in /etc/postfix/master.cf and now it's fixed.

This was my first postfix install and I had:

smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamfilter
smtps     inet  n       -       n       -       -       smtpd -o content_filter=spamfilter
submission inet n       -       n       -       -       smtpd -o content_filter=spamfilter

I changed this to:

smtp      inet  n       -       n       -       -       smtpd 
smtps     inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd -o content_filter=spamfilter

Good luck!

Upvotes: 1

zarvox

Reputation: 189

I have the same problem (not solved yet) but I think it has to do with SpamAssassin.

It looks like the DKIM signature is added before and after SpamAssassin filter.

My mail header:
Return-Path: <info@mydomain>
X-Original-To: info@mydomain
Delivered-To: info@mydomain
Received: by mail.mydomain (Postfix, from userid 1001)
    id 2D776B7CA; Wed,  7 Jun 2017 23:15:02 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.mydomain 2D776B7CA
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain;
    etc.
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
    hostname.mydomain
X-Spam-Level: 
X-Spam-Status: No, score=-0.9 required=3.0 tests=ALL_TRUSTED,DKIM_SIGNED,
    HTML_MESSAGE,T_DKIM_INVALID,URIBL_BLOCKED autolearn=no autolearn_force=no
    version=3.4.0
Received: from [mylocalip] (myprovider [myip])
    by mail.mydomain (Postfix) with ESMTPSA id BB..
    for <info@mydomain>; Wed,  7 Jun 2017 23:15:01 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.mydomain BB..
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain;
    etc.

cat /var/log/maillog | grep "DKIM-Signature field added"

Jun  8 00:02:34 host opendkim[762]: BCD70B75A: DKIM-Signature field added (s=default, d=mydomain)
Jun  8 00:02:34 host opendkim[762]: F3341B7CA: DKIM-Signature field added (s=default, d=mydomain)

Check this answer: https://serverfault.com/questions/475416/is-there-a-reason-why-dkim-signs-every-mail-twice

Upvotes: 3
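
Added example, not part of either answer above: a small Python check that reads a delivered message's headers, lists every DKIM-Signature with its d= and s= tags, and counts how many Received headers sit above each one. Two signatures from the same domain and selector with a Received header between them suggest the message passed through the signer on two separate Postfix passes, as in the header shown above. The sample message is constructed; example.test and the bh=/b= values are placeholders.

```python
from collections import Counter
from email import message_from_string

# Constructed sample modeled on the header layout in the answer above.
SAMPLE = """\
Return-Path: <info@example.test>
Received: by mail.example.test (Postfix, from userid 1001)
\tid 2D776B7CA; Wed,  7 Jun 2017 23:15:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.test;
\ts=default; bh=AAAA; b=BBBB
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on host.example.test
Received: from [192.0.2.10] (client.example.test [192.0.2.10])
\tby mail.example.test (Postfix) with ESMTPSA id BB0000000
\tfor <info@example.test>; Wed,  7 Jun 2017 23:15:01 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.test;
\ts=default; bh=AAAA; b=CCCC
Subject: test

body
"""

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            # Folded headers carry newlines and tabs; strip all whitespace.
            tags["".join(k.split())] = "".join(v.split())
    return tags

def signatures(raw):
    """Return (d, s, hop) per signature; hop = Received headers above it."""
    out, hop = [], 0
    for name, value in message_from_string(raw).items():
        if name.lower() == "received":
            hop += 1
        elif name.lower() == "dkim-signature":
            t = dkim_tags(value)
            out.append((t.get("d"), t.get("s"), hop))
    return out

def double_signed(raw):
    """Return the (d, s) pairs that appear on more than one signature."""
    counts = Counter((d, s) for d, s, _ in signatures(raw))
    return [pair for pair, n in counts.items() if n > 1]

if __name__ == "__main__":
    print(signatures(SAMPLE))
    print("double signed:", double_signed(SAMPLE))
```
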
