> We are running a website that also has a blogging feature. A reader can
> contact the author via a webform where he/she can enter his/her email address,
> specify a subject and write a message body. When they click on the "send"
> button the website generates an email and sends it via the postfix MTA.
I assume the webserver submits via SMTP, not via /usr/sbin/sendmail.
So you have all the power of postfix smtp servers.
1. create a separate input channel in master.cf:
127.0.0.1:12345 inet n - n - - smtpd
  -o syslog_name=postfix/webapp_submission
  -o milter_macro_daemon_name=WEBAPP_SUBMISSION
  -o smtpd_milters=${opendkim_milter} ( defined in main.cf as opendkim_milter = inet:... )
2. create a file 'mtatable' containing WEBAPP_SUBMISSION
$ echo 'WEBAPP_SUBMISSION' >> /etc/opendkim/mtatable
I always use signingtable+keytable.
3. allow any From address to sign
$ echo '* foobar' >> /etc/opendkim/signingtable
4. foobar is used to look up keydata in keytable as usual
5. edit opendkim.conf
MTA file:/etc/opendkim/mtatable
SigningTable refile:/etc/opendkim/signingtable ( note the re in refile! )
KeyTable /etc/opendkim/keytable
That way any mail that arrives via SMTP at the milter *and* for which the milter macro
{daemon_name} is WEBAPP_SUBMISSION will be signed using the key referred to by the keytable
index "foobar".
If one likes different signing keys for different {daemon_names} there is also a solution with
postfix:
Add "-o milter_macro_v=any_at_webapp1" to the postfix smtp server and arrange that only webapp1
submits there.
Then add "SenderMacro {v}" to opendkim.conf. So opendkim does not look at any From headers
but takes {v} to lookup into signingtable.
Modify the signingtable:
any_at_webapp1 key1
any_at_webapp2 key2
key1 and key2 are now different signing keys defined in keytable...
I'm only unsure if such a setup requires special compile-time features to be enabled.
--
Best regards
Andreas Schulze
Received on Tue May 08 2012 - 13:43:39 PST
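
An added example, not part of the original message and not OpenDKIM code: a small Python audit of the signingtable and keytable described above, covering both the From-based setup and the SenderMacro {v} variant. It models refile matching as ordered, first-match lookup with '*' as the only wildcard (a simplifying assumption); the table contents, keytable domain, selectors and key paths are constructed.

```python
import re

# Constructed sample tables (keytable domain, selector and paths are made up).
SIGNINGTABLE_FROM = "* foobar\n"
SIGNINGTABLE_MACRO = "any_at_webapp1 key1\nany_at_webapp2 key2\n"
KEYTABLE = ("foobar example.org:sel1:/etc/opendkim/keys/foobar.private\n"
            "key1 example.org:sel2:/etc/opendkim/keys/key1.private\n")
PROBE = "someone@unrelated.invalid"  # sender no pattern should match by accident

def parse_table(text):
    """Return ordered (name, value) pairs, skipping blanks and # comments."""
    rows = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            rows.append((parts[0], parts[1].strip()))
    return rows

def pattern_to_regex(pattern):
    """Assumed refile model: '*' is the only wildcard, the rest is literal."""
    body = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.compile("^" + body + "$", re.IGNORECASE)

def select_key(lookup, signingtable_text):
    """Key name of the first pattern matching the From address or {v} value."""
    for pattern, keyname in parse_table(signingtable_text):
        if pattern_to_regex(pattern).match(lookup):
            return keyname
    return None

def audit(signingtable_text, keytable_text):
    """List catch-all patterns and key names that the keytable does not define."""
    defined = dict(parse_table(keytable_text))
    findings = []
    for pattern, keyname in parse_table(signingtable_text):
        if keyname not in defined:
            findings.append(f"{pattern}: key '{keyname}' not in keytable")
        if pattern_to_regex(pattern).match(PROBE):
            findings.append(f"{pattern}: catch-all, signs any sender with '{keyname}'")
    return findings

if __name__ == "__main__":
    for table in (SIGNINGTABLE_FROM, SIGNINGTABLE_MACRO):
        for finding in audit(table, KEYTABLE):
            print(finding)
```

With the '* foobar' entry the only thing limiting what gets signed is the MTA table, so the 127.0.0.1:12345 listener must stay reachable by the web application alone.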