Root cause of the Jun 2026 deliverability collapse / 'no new sales': opendkim.conf was in single-key mode with no InternalHosts, so it signed only 127.0.0.1. Transactional/cron mail (injected locally) was signed, but ALL campaign mail -- injected over the Docker bridge from the Listmonk containers (172.18.0.5 trucking, 172.18.0.25 healthcare) -- went out UNSIGNED. Gmail/Yahoo require DKIM on bulk mail since Feb 2024, so cold campaigns were junked/blocked (~23% delivery, 550-5.7.1). Proof: 2,620 campaign msgs that day, 0 DKIM sigs.

The correct table files already existed on the server but were never wired into opendkim.conf. Fix points the daemon at key.table/signing.table and sets InternalHosts/ExternalIgnoreList to trusted.hosts (which includes 172.16.0.0/12, the Docker subnet). Fixes BOTH streams: HC submission ports 2526-2528 inherit the global smtpd_milters and *@performancewest.net covers compliance@.

Verified by injecting from a Docker IP through port 25 and port 2526 -- both now get 'DKIM-Signature field added'. Codified as new Ansible role 'mail' so it can't silently regress (OpenDKIM was previously not in IaC at all).

| | | |
|---|---|---|
| .claude/projects/-home-justin-projects-performancewest-new-site/memory | ||
| api | ||
| chrome-extension/fcc-access-helper | ||
| data | ||
| docs | ||
| docserver | ||
| erpnext | ||
| frappe_adyen | ||
| frappe_ca_registry | ||
| frappe_crypto | ||
| infra | ||
| mcp | ||
| monitoring | ||
| node-compile-cache/v25.1.0-x64-392347a2-1000 | ||
| performancewest_erpnext | ||
| scripts | ||
| site | ||
| src | ||
| test_screenshots | ||
| .gitignore | ||
| CLAUDE.md | ||
| deploy.sh | ||
| docker-compose.dev.override.yml | ||
| docker-compose.yml | ||
| extract-erpnext-assets.sh | ||
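
The commit message at the top of this page proves the fault by comparing campaign message counts with DKIM signature counts. The following added example (not code from this repository) shows one way to run that check from a mail log by joining Postfix `client=` lines to OpenDKIM `DKIM-Signature field added` lines on the queue ID. It assumes both daemons log to the same file and that Postfix uses short hexadecimal queue IDs; the function names, the sample log lines, and the selector and domain in them are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines (not taken from the server). Queue IDs, PIDs,
# selector and domain are placeholders.
SAMPLE_LOG = """\
Jun 10 09:00:01 mail postfix/smtpd[2101]: 3F2A91C0A1: client=localhost[127.0.0.1]
Jun 10 09:00:01 mail opendkim[811]: 3F2A91C0A1: DKIM-Signature field added (s=sel1, d=example.com)
Jun 10 09:00:05 mail postfix/smtpd[2102]: 3F2A91C0A2: client=unknown[172.18.0.5]
Jun 10 09:00:06 mail postfix/smtpd[2103]: 3F2A91C0A3: client=unknown[172.18.0.25]
Jun 10 09:00:07 mail postfix/smtpd[2102]: 3F2A91C0A4: client=unknown[172.18.0.5]
Jun 10 09:00:09 mail postfix/smtpd[2104]: 3F2A91C0A5: client=mx.example.net[203.0.113.7]
"""

# Assumption: default short (hexadecimal) Postfix queue IDs.
CLIENT_RE = re.compile(r"postfix/\S*smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
SIGNED_RE = re.compile(r"opendkim\[\d+\]: ([0-9A-F]+): DKIM-Signature field added")

def signing_coverage(log_text):
    """Return {client_ip: [accepted, signed]} by joining on the queue ID."""
    client_of, signed = {}, set()
    for line in log_text.splitlines():
        if m := CLIENT_RE.search(line):
            client_of[m.group(1)] = m.group(2)
        elif m := SIGNED_RE.search(line):
            signed.add(m.group(1))
    stats = defaultdict(lambda: [0, 0])
    for qid, ip in client_of.items():
        stats[ip][0] += 1
        stats[ip][1] += qid in signed
    return dict(stats)

def unsigned_internal(stats, trusted_nets):
    """Clients inside a trusted network whose accepted mail was not all signed."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    return sorted(ip for ip, (total, ok) in stats.items()
                  if ok < total and any(ipaddress.ip_address(ip) in n for n in nets))

if __name__ == "__main__":
    stats = signing_coverage(SAMPLE_LOG)
    for ip, (total, ok) in sorted(stats.items()):
        print(f"{ip:15} accepted={total} signed={ok}")
    print("unsigned internal senders:",
          unsigned_internal(stats, ["127.0.0.1/32", "172.16.0.0/12"]))
```

Any address reported by `unsigned_internal` is a sender the milter should be signing for but is not, which is the condition the commit describes for the two container addresses.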