lieser
commented
4 weeks ago Thanks for sending the samples to my mail.
I had a look at them using a different DKIM verifier (https://launchpad.net/dkimpy/) which came to the same conclusion as my add-on: Invalid DKIM signature because the hash over the body is different from the one in the signature. So this is not an issue with the add-on, but the servers seems to modify the messages after it has done it's own DKIM verification.
I would suggest getting in contact with the admin of your server to investigate what is happening exactly. The used server (Postfix) should have some ways that could help in doing see, see e.g. https://www.mail-archive.com/postfix-users@postfix.org/msg102052.html (note that I don't have any experience doing that myself).
In case you are able to find the root cause it would be nice if you could write it here, so it can be added to https://github.com/lieser/dkim_verifier/wiki/FAQ#all-or-almost-all-e-mails-with-dkim-signature-are-failing-with-the-same-error.
As a workaround I would suggest enabling the reading of the Authentication-Results header, if you have not done so already.
I've been noticing lots of emails lately from various senders where this plugin will say the signature is Invalid, but amavisd-new and Google Header Analyzer both show pass.
Samples sent via email to lieser.