Hello,
I am trying to add opendkim 2.0.1 to a postfix 2.8.2 relay server.
Clients authenticate via self-signed tls certs, and I am trying
to use cert_issuer as the authentication.
Here is my opendkim.conf:

Domain lifeintegrity.com
KeyFile /etc/postfix/opendkim.private
LogWhy yes
InternalHosts 127.0.0.1
MacroList {cert_issuer}=lifeintegrity.com
Selector s0
Syslog yes
UMask 002

Outgoing mails are not signed and I get the following logged:

Jul 19 05:50:37 pawan opendkim[3674]: 29D352F1 no macros match
Jul 19 05:50:37 pawan opendkim[3674]: 29D352F1 lifeintegrity.com [173.48.39.13] not internal
Jul 19 05:50:37 pawan opendkim[3674]: 29D352F1 not authenticated
Jul 19 05:50:37 pawan opendkim[3674]: 29D352F1: no signature data

Not sure which part of the protocol opendkim requires the macro
so I asked postfix to send it over all the time:

milter_data_macros = ${milter_helo_macros}
milter_default_action = accept
milter_end_of_data_macros = ${milter_helo_macros}
milter_end_of_header_macros = ${milter_helo_macros}
milter_helo_macros = i {cert_issuer}
milter_mail_macros = ${milter_helo_macros}
non_smtpd_milters = $smtpd_milters
smtpd_milters = inet:localhost:12345

If I add the particular client IP then I only get the "no macros
match". The only thing I really can add is a wildcard as my
clients do not come from fixed IPs:

InternalHosts 127.0.0.1,173.48.39.13

Jul 19 05:54:33 pawan opendkim[6361]: EEFA62F1 no macros match

I tried with {cert_subject} but it made no difference. Enabled
debugging in postfix and it at least claims that issuer is sent.
Tried with different protocol versions in postfix but does not
seem to make a difference.

/Allan
--
Allan Wind
Life Integrity, LLC
<http://lifeintegrity.com>
Received on Thu Jul 19 2012 - 06:00:51 PST