Re: Options

From: Roman Gelfand <rgelfand2_at_gmail.com>
Date: Thu, 26 Nov 2009 13:45:55 -0500

I just read the man page on peer list and it seems to say the email
coming from 127.0.0.1 will not be filtered altogether. I was looking
to filter that message. Wouldn't opendkim fail this message if source
ip is 127.0.0.1? If so, how do you make opendkim ignore this source
ip and go to previous?

Thanks

On Thu, Nov 26, 2009 at 1:30 PM, Roman Gelfand <rgelfand2_at_gmail.com> wrote:
> On Thu, Nov 26, 2009 at 12:31 PM, Murray S. Kucherawy <msk_at_blackops.org> wrote:
>> On Thu, 26 Nov 2009, Roman Gelfand wrote:
>>>
>>> My topology is dmz.  The firewall passes the messages to the postfix
>>> server in dmz.  Since opendkim milter is not going to be the first in line,
>>> it actually receives mail from postfix server 127.0.0.1.  Unless you tell me
>>> otherwise, I don't want to either sign or verify 127.0.0.1.  Unless it
>>> doesn't matter and opendkim is able to discern the original message source,
>>> how do you tell opendkim to ignore localhost hop?
>>
>> Put 127.0.0.1 in the PeerList.  This causes that host to be completely
>> ignored.  The opendkim(8) and opendkim.conf(5) man pages contain
>> instructions for doing this both from the command line and the configuration
>> file.
>>
>> The IP address/hostname of the client is only used when deciding whether to
>> sign or verify a message.  If the injecting IP address always appears as
>> 127.0.0.1, you'll have some trouble deciding when to sign and when to verify
>> safely.  How can you determine what's inbound and what's outbound?
>>
>
>
> I suppose I could set up a virtual machine for outbound email.  This
> way I have a separate server for incoming and outgoing.   But my
> private key could be the same.  Does this sound right?
>
> Thanks again for your help
>
Received on Thu Nov 26 2009 - 18:46:09 PST
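
The sign-or-verify ambiguity raised in the thread, as an added example that is not part of the original messages and is not OpenDKIM's code. It is a simplified model: `decide`, `run`, the sample addresses and the "pass" outcome are assumptions made for illustration, and the internal-host list stands in for opendkim.conf's InternalHosts setting.

```python
import ipaddress

def in_list(ip, entries):
    """True if ip falls inside any address or CIDR entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def decide(client_ip, from_domain, peer_list, internal_hosts, signing_domains):
    """Simplified model of the per-connection choice discussed in the thread."""
    if in_list(client_ip, peer_list):
        return "ignore"   # PeerList: mail from this host is skipped entirely
    if in_list(client_ip, internal_hosts):
        # Internal client: treated as outbound, signed only for our own domains
        return "sign" if from_domain.lower() in signing_domains else "pass"
    return "verify"       # any other client is treated as inbound

# Constructed sample traffic: (client IP seen by the milter, From: domain)
DIRECT = [("203.0.113.25", "remote.example"), ("10.0.0.5", "example.com")]
# The same two messages after an earlier local hop re-injects them from loopback
VIA_LOOPBACK = [("127.0.0.1", domain) for _, domain in DIRECT]

def run(messages, peer_list,
        internal_hosts=("127.0.0.1", "10.0.0.0/8"),
        signing_domains=("example.com",)):
    """Apply decide() to each message with the given PeerList."""
    return [decide(ip, dom, peer_list, internal_hosts, signing_domains)
            for ip, dom in messages]

if __name__ == "__main__":
    print("direct:             ", run(DIRECT, []))
    print("via loopback:       ", run(VIA_LOOPBACK, []))
    print("loopback in PeerList:", run(VIA_LOOPBACK, ["127.0.0.1"]))
```

With the real client addresses the inbound message is verified and the outbound one signed; once both arrive from 127.0.0.1 the inbound message is never verified, and listing 127.0.0.1 in the PeerList leaves both untouched.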
