Hello everybody, Problem: I have setup DKIM signing for two domains on a mailserver. It signs outgoing mails as wanted (perfect score on mail-tester.com now), but also signs incoming mails, too. Instead signing incoming emails falsely, it should of course filter the actual dkim signing of an email (if existing). I assume this is a problem in my policy banks. This is what I have not understood so well yet, and somehow every DKIM explanation on the web follows some different procedure. Question: Can someone highlight where my problem lies or point me to a resource where I am likely to be able to teach myself on policy banks specifically in regard to DKIM? Background: I have been running my own web servers for a while, which I am able to do so quite well. As a pet project, I moved on to manage my own mailserver for two not so important domains, this is indeed a good challenge. It's running on Ubuntu 14.04, important parts to this question are Postfix and Amavisd-new. Relevant code: /etc/postfix/conf.d/50-user Code: [...] $interface_policy{'10024'} = 'DKIM_ALWAYS'; $policy_bank{'DKIM_ALWAYS'} = { originating => 1, }; $enable_dkim_verification = 1; $enable_dkim_signing = 1; dkim_key('domain1.example.com', 'dkim', '/var/lib/amavis/db/domain1.example.com'); dkim_key('domain2.example.com', 'dkim', '/var/lib/amavis/db/domain2.example.com'); @dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); [...] /etc/postfix/conf.d/40-policy_banks Code: [...] @local_domains_maps = ( read_hash('/etc/postfix/mysql-virtual-mailbox-domains.cf') ); $policy_bank{'SUBMISSION'} = { originating => 1 }; [...]