Last a few weeks I found that my OpenDKIM stopped rejecting incoming mails with no dkim-signature, bad-signature etc. Signing outgoing is OK, and according to the mail headers verifying provided, as well. That happened after updating the server's OS Archlinux (now kernel v.5.9.6-arch1-1). Some of configs:
Opendkim:
AlwaysAddARHeader yes
AuthservID OpenDKIM-Main
LogWhy yes
Mode sv
On-NoSignature reject
On-BadSignature reject
On-SignatureError reject
On-KeyNotFound reject
Socket inet6:8891@[::1]
UMask 002
Postfix:
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:[::1]:8891, inet:[::1]:8893 #last one is OpenDMARC
non_smtpd_milters = $smtpd_milters
From validated mails the header concerning dkim like this:
Authentication-Results: OpenDKIM-Main; dkim=pass (1024-bit key) header.d=stackoverflow.email header.i=@stackoverflow.email header.b=Lq1gxzV+
From unvalidated, which must be rejected:
Authentication-Results: OpenDKIM-Main; dkim=none
How to fix this issue?
