On Tue, Jul 26, 2011 at 8:18 PM, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> On Tue, 26 Jul 2011, Steve Jenkins wrote:
>>
>> Very cool! I don't use mailman, but I have a fair amount of experience
>> with Postfix & Amavis with OpenDKIM. I'd be curious to hear what the
>> difficulties were.
>
> The end setup is:
>
> - accept mail via postfix on port 25
> - reroute the mail to amavisd, which is apparently its own MTA, on another
> port
> - amavisd reinjects the message back to postfix on another port
> - postfix passes it to mailman (dunno how)
> - mailman reinjects the message back to postfix on yet another port
> - postfix, on that last port, invokes opendkim
> - the mail goes out signed
>
> We had to add that last reinjection port and attach opendkim there. No
> other changes were needed except possibly a tweak to mailman.
>
> It's possible this could be simplified.
That's interesting - and very close to what I do (with the exception
of Mailman). I go Postfix (port 25 and/or 587) -> Amavis (port 10024)
-> Postfix (port 10025) -> OpenDKIM (20209)
For anyone else trying to do something like this, it's important to
include the following line in Postfix's master.cf file when you set up
the smtpd for Amavis to pass back into Postfix on port 10025:
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
The no_milters option is the one you need to add, otherwise OpenDKIM
signs the message twice.
I wrote some notes to myself about this back in February on my blog so
I'd remember:
SteveJ
Received on Wed Jul 27 2011 - 03:38:37 PST
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wed Jul 27 2011 - 13:50:05 PST