OpenDKIM signs incoming email if it's from a domain it manages

[Illecors]

Using KeyTable and SigningTable setup and managing example1.com and example2.com. [email protected] sends an email to [email protected]. The email received by [email protected] will have 2 DKIM signatures instead of 1 plus verification.

Potentially caused by the same logic - setting domain to * in SigningTable will also make OpenDKIM sign all incoming email, regardless of whether or not it's managing the domain. Mode is left commented out, which should mean sv.

[futatuki]

Signing is enabled only for messages comes from safe origin. OpenDKIM milter uses InternalHosts dataset and MTA dataset, {auth_type} milter macro and POPAUTH(if enabled) to check it. So I don't think the issue described in the title does not cause in general.

See mlfi_header() in opendkim/opendkim.c especially how it is set and how it is used.