diff --git a/cmdeploy/src/cmdeploy/opendkim/final.lua b/cmdeploy/src/cmdeploy/opendkim/final.lua
index ee17aeec..7c9e01b5 100644
--- a/cmdeploy/src/cmdeploy/opendkim/final.lua
+++ b/cmdeploy/src/cmdeploy/opendkim/final.lua
@@ -28,7 +28,13 @@ for i = 1, nsigs do
 	end
 end
 
-if not valid then
+if valid then
+	-- Strip all DKIM-Signature headers after successful validation
+	-- Delete in reverse order to avoid index shifting.
+	for i = nsigs, 1, -1 do
+		odkim.del_header(ctx, "DKIM-Signature", i)
+	end
+else
 	odkim.set_reply(ctx, "554", "5.7.1", "No valid DKIM signature found")
 	-- Delete in reverse order to avoid index shifting.
 	for i = nsigs, 1, -1 do
@@ -37,13 +43,6 @@ if not valid then
 else
 	odkim.set_reply(ctx, "554", "5.7.1", error_msg)
 	odkim.set_result(ctx, SMFIS_REJECT)
-	return nil
-end
-
--- Valid signature found. Strip all DKIM-Signature headers
--- Delete in reverse order to avoid index shifting.
-for i = nsigs, 1, -1 do
-	odkim.del_header(ctx, "DKIM-Signature", i)
 end
 
 return nil