Re: FW: DKIM Signatures now being applied to IETF Email

From: Daniel Black <daniel.subs_at_internode.on.net>
Date: Thu, 28 Jul 2011 12:23:28 +1000

On Wed, 27 Jul 2011 01:18:45 PM Murray S. Kucherawy wrote:
> On Tue, 26 Jul 2011, Steve Jenkins wrote:
> > Very cool! I don't use mailman, but I have a fair amount of experience
> > with Postfix & Amavis with OpenDKIM. I'd be curious to hear what the
> > difficulties were.
>
> The end setup is:
>
> - accept mail via postfix on port 25
> - reroute the mail to amavisd, which is apparently its own MTA, on another
> port - amavisd reinjects the message back to postfix on another port
> - postfix passes it to mailman (dunno how)
> - mailman reinjects the message back to postfix on yet another port
> - postfix, on that last port, invokes opendkim
> - the mail goes out signed
>
> We had to add that last reinjection port and attach opendkim there. No
> other changes were needed except possibly a tweak to mailman.
>
> It's possible this could be simplified.

I suspect the only simplification is making mailman inject back to postfix as
a local injection (the postfix sendmail command) rather than its own port.
This would imply postix as a non_smtpd_milter.

Looks like a typical setup however. Well done Murray.

What kind of opendkim setup did you use? It seems its a sign only setup. Is
there a stream based seperation from the main ietf email or between email
lists?
Received on Thu Jul 28 2011 - 02:24:50 PST