<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello,<br>
</p>
<p>You don't really have to remove the already existing DKIM
signature headers, just as you do not remove any other headers
from the email...</p>
<p> It is normal for a message to have multiple DKIM signature as it
hops between servers that sign it.<br>
</p>
<p>According to RFC the message will be verified as long as any of
the signatures is verified. Signatures that may be invalid are
actually ignored in this case.<br>
</p>
<p><a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/html/rfc7489">https://datatracker.ietf.org/doc/html/rfc7489</a> :<br>
</p>
<pre class="newpage"> Note that a single email can contain multiple DKIM signatures, and it
is considered to be a DMARC "pass" if any DKIM signature is aligned
and verifies.
</pre>
<div class="moz-signature">
<div style="min-width:600px;border:1px solid #fff;"></div>
<p>It may not be directly relevant to your question, but just
clarifying this...<br>
</p>
<p>Regards,</p>
</div>
<div class="moz-cite-prefix">
<p>Savvas Karagiannidis</p>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 21/1/2022 10:35, Miro Igov wrote:<br>
</div>
<blockquote type="cite"
cite="mid:001401d80ea1$cbcccdb0$63666910$@pharmya.com">
<pre class="moz-quote-pre" wrap="">I am absolutely sure that amavis is the only process signing emails.
If i disable amavis from signing $enable_dkim_signing = 0; in my /etc/amavis/conf.d/50-user config file i get only the original signature before reaching my mail server.
Imagine <a class="moz-txt-link-abbreviated" href="mailto:user@gmail.com">user@gmail.com</a> sends to <a class="moz-txt-link-abbreviated" href="mailto:miro.igov@pharmya.com">miro.igov@pharmya.com</a> and <a class="moz-txt-link-abbreviated" href="mailto:miro.igov@pharmya.com">miro.igov@pharmya.com</a> is set to forward a copy of the email to <a class="moz-txt-link-abbreviated" href="mailto:user@yahoo.com">user@yahoo.com</a>
In yahoo message i can see google dkim signature. I want google dkim stripped because it reports permfail as obviously message is altered in my amavis setup before forwarded to yahoo.
-----Original Message-----
From: TSHIMANGA Minkoka <a class="moz-txt-link-rfc2396E" href="mailto:tshikose@tshimix.cd"><tshikose@tshimix.cd></a>
Sent: Friday, January 21, 2022 08:03
To: Miro Igov <a class="moz-txt-link-rfc2396E" href="mailto:miro.igov@pharmya.com"><miro.igov@pharmya.com></a>; <a class="moz-txt-link-abbreviated" href="mailto:amavis-users@amavis.org">amavis-users@amavis.org</a>
Subject: Re: Remove headers from Amavis
Hello,
You can stop Amavis from DKIM signing emails by setting $enable_dkim_signing = 1; in /etc/amavis/amavis.conf
I think that in your case another process (maybe OpenDKIM) is DKIM signing the email, so you should stop Amavis doing so to avoid double signing.
Regards,
Tshimanga
</pre>
</blockquote>
</body>
</html>