1

I set up IRedMail on an AWS server, so the mail stack looks something like this:

  • Postfix
  • Dovecot
  • Roundcube
  • Mail sent through Amazon SES

I'm trying to forward emails to Gmail using the Managesieve plugin in Roundcube. Forwarded emails get returned with the message

554 Transaction failed: Duplicate header 'DKIM-Signature'.

if sent from another account on that domain, and 

554 Message rejected: Email address is not verified. 
(in reply to end of DATA command)

if sent from an external account. Adding the account as a "Send From" account in Gmail did not make it lenient enough to accept the forwarded messages. How could I go about debugging this?

rationalcarl
  • 11
  • 1
  • 2

1 Answers1

3

Both of two error messages came from Amazon SES. In this time, I will try to answers the first error message.

554 Transaction failed: Duplicate header 'DKIM-Signature'.

The first error indicated that Amazon SES see two DKIM-Signature header in your email (after it forwarded). Looks like there is DKIM software in your mail stack that you forgot to mentioned of. Therefore, in your first error message the email flow looks like this

anotheraccount@example.com -> DKIM signing -> youraccount@example.com -> sieve-forwarding-service ->  DKIM signing -> amazon SES

There are two DKIM signing activity in your mail flow. So, there are two DKIM-Signature headers in your forwarded email.

Solution

I don't know what DKIM software in your stack. So, the solution depends on DKIM software.

For example in OpenDKIM, there are parameter to remove old DKIM-Signature header when signing. That parameter is RemoveOldSignatures. The documentation says that default value is no.

RemoveOldSignatures (Boolean)

      Removes all existing signatures when operating in signing mode.
Community
  • 1
masegaloeh
  • 18,236
  • 10
  • 57
  • 106