I have SPF, DMARC and DKIM configured for my mail server (postfix) on a CentOS 7 OS.
Outgoing mail is getting signed as normal. All email check sites says my stuff are secured and working great but there is a site I use that purposely sends various types of spoofed emails to test all parts of incoming filters and my server seems to fail a specific DKIM part.
Site used: https://emailspooftest.com
Mail 5 is getting through (which it shouldn't) which correspond to "Strict DKIM Alignment"
Postfix logs:
postfix/smtpd[3311]: connect from p3nlsmtp13.shr.prod.phx3.secureserver.net[72.167.234.238]
postfix/smtpd[3311]: Anonymous TLS connection established from p3nlsmtp13.shr.prod.phx3.secureserver.net[72.167.234.238]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
policyd-spf[3338]: None; identity=helo; client-ip=72.167.234.238; helo=p3nlsmtp13.shr.prod.phx3.secureserver.net; [email protected]; receiver=hello@*****.com
policyd-spf[3338]: None; identity=mailfrom; client-ip=72.167.234.238; helo=p3nlsmtp13.shr.prod.phx3.secureserver.net; [email protected]; receiver=hello@*****.com
postfix/smtpd[3311]: 9A347EBA: client=p3nlsmtp13.shr.prod.phx3.secureserver.net[72.167.234.238]
postfix/cleanup[3987]: 9A347EBA: message-id=<>
opendkim[1189]: 9A347EBA: p3nlsmtp13.shr.prod.phx3.secureserver.net [72.167.234.238] not internal
opendkim[1189]: 9A347EBA: not authenticated
opendkim[1189]: 9A347EBA: no signature data
postfix/qmgr[32482]: 9A347EBA: from=<[email protected]>, size=1867, nrcpt=1 (queue active)
postfix/pipe[3992]: 9A347EBA: to=<hello@*****.com>, relay=dovecot, delay=0.63, delays=0.54/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via dovecot service)
postfix/qmgr[32482]: 9A347EBA: removed
These lines are for email 5.
My DKIM setup does not reject this kind of email. How can I fix this?
p.s. I do not have Amavis installed. I don't have lots of RAM on this server and I've heard it uses a lot.
