Matt Wilbur EFS via Mailman-users writes:
This is very helpful.
Love to hear that! :-)
I've seen the hash not verifying and am chasing that through the hellish postfix/mailscanner/etc path we have. Something's modifying the body and I haven't found it yet.
That sucks, of course, and I guess you wouldn't have known about that bug if you weren't having this problem :-/, but it should be possible to avoid the signature failure, if the boundary MTA does the signing -- then it would be signing the (slightly) corrupted message. A few random suggestions: Maybe Postfix milters are in the wrong order, or the DKIM signature is done on the "wrong" host?