yes i did. it was setup as i thought it should be for a catch all but still wasn't working.
no matter. i consider this solved.
i created individual keys for each domain and spec'd each one individually in the config file and now it is properly signing each domain's email with its own key so I'm satisfied.