Problem solved! After debugging dkim_signing in logging.inc it was easy to find. If an IP is within a local WHITLELIST_IP the steps for dkim_signing are not addressed anymore. Removing the IP from the whitelist did the trick. As users are authenticated, the whitelist entry is not really needed. Thanks for help.