On Thu, Nov 26, 2009 at 12:31 PM, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> On Thu, 26 Nov 2009, Roman Gelfand wrote:
>>
>> My topology is a DMZ. The firewall passes the messages to the postfix
>> server in the DMZ. Since the opendkim milter is not going to be the first in line,
>> it actually receives mail from postfix server 127.0.0.1. Unless you tell me
>> otherwise, I want to neither sign nor verify 127.0.0.1. Unless it
>> doesn't matter and opendkim is able to discern the original message source,
>> how do you tell opendkim to ignore the localhost hop?
>
> Put 127.0.0.1 in the PeerList. This causes that host to be completely
> ignored. The opendkim(8) and opendkim.conf(5) man pages contain
> instructions for doing this both from the command line and the configuration
> file.
>
> The IP address/hostname of the client is only used when deciding whether to
> sign or verify a message. If the injecting IP address always appears as
> 127.0.0.1, you'll have some trouble deciding when to sign and when to verify
> safely. How can you determine what's inbound and what's outbound?
>
I suppose I could set up a virtual machine for outbound email. This
way I have a separate server for incoming and outgoing. But my
private key could be the same. Does this sound right?
Thanks again for your help.
Received on Thu Nov 26 2009 - 18:30:43 PST