On 6/2/20 9:44 AM, sunil soprey wrote:
Periodically, I've seen these errors from few senders, and wondering if community has a idea? Mailman - 3.3.1rc1 Tom Sawyer
"554 Transaction failed: Duplicate header 'DKIM-Signature'" while sending AWS-SES as the MTA?
Possible to strip from postfix? I've submitted a AWS ticket.
It appears that AWS SES is intended only for delivery of locally generated mail and not mail that is received and resent by a mailing list or forwarding arrangement.
This page <https://docs.aws.amazon.com/ses/latest/DeveloperGuide/header-fields.html> gives a list of a large number of headers that can appear only once in a message, among them are Delivered-To:, DKIM-Signature: and a few others that might legitimately appear more than once in messages from a mailing list.
There are a couple of ways to remove incoming DKIM sigs.
If you are signing with opendkim, there is a RemoveOldSignatures config setting which if true will remove existing signatures when signing.
In Mailman itself you can put
[mta] remove_dkim_headers: yes
in mailman.cfg and Mailman will remove all DomainKey-Signature, DKIM-Signature and Authentication-Results headers from the message before delivery to the MTA.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan