DKIM signing of bounce back messages


I have a question regarding DKIM signing on Postfix bounce back messages.

I was tuning my Dovecot installation around quotas. I sent a test message from Hotmail to a test account on my server to test generation of a bounce back when a user exceeds their quota. The message was successfully generated and then relayed via Postfix back to the Hotmail account, but I noticed the bounce back message went into the Hotmail junk folder.

Inspecting the message I saw that I was not DKIM signing messages generated by Postfix or via sendmail. I changed my Postfix config to include:

internal_mail_filter_classes = bounce
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock

Generating a new test message confirmed that bounce back messages are now DKIM signed . . . BUT I noticed this line in: man 5 postconf

NOTE: It's generally not safe to enable content inspection of Postfix-generated email messages.

My question is - will enabling DKIM on bounce back messages cause me problems or is that warning more for content filters that attempt to mangle/modify the bounce back messages ?


- J


Re: DKIM signing of bounce back messages

By Wietse Venema at 09/11/2018 - 07:35

J Doe:
That's similar to what I have.

This depends on what the mail inspecting software does. If it creates
more email, then the worst-case result would be an email explosion.
Otherwise, the worst-case result would be an email loop.