Re: opendkim/postfix: no signature for emails submitted through port 25

From: Andreas Schulze <sca_at_andreasschulze.de>
Date: Mon, 18 Mar 2013 22:18:58 +0100

On Mon, 18.03.2013, 21:42, Murray S. Kucherawy wrote:
> something else is going on.

Hi,

I followed the discussion and would also say "something else is going on".

Patrick,

you have inbound mx traffic to be verified and inbound submission traffic to be signed.
opendkim has its decision matrix for what to do (logged if "logwhy" is enabled).
But that logic fails for unknown reasons.

So try a different approach: separate traffic.

inbound mx @port 25
inbound submission @port 587

modify your master.cf

smtp inet n - - - - smtpd
 -o smtpd_milters=${opendkim_milter}
submission inet n - - - - smtpd
 -o milter_macro_daemon_name=ORIGINATING
 -o smtpd_milters=${opendkim_milter}
 -o syslog_name=postfix/submission

remove smtpd_milters from main.cf and set them only in master.cf
add ${opendkim_milter} to main.cf ( makes master.cf more readable )
not listing smtpd_milters in main.cf enables you to select milter per port!
(this is really cool & sendmail can't do that as far as I know :-)

now opendkim has a reliable trigger to distinguish between verify and signing mode:
the milter_macro_daemon_name. Unset, it defaults to $myhostname; otherwise it's the literal "ORIGINATING"

now you have to tell opendkim about that:
add "MTA ORIGINATING" to opendkim.conf and leave "InternalHosts, PeerList, ExternalIgnoreList" at defaults.
(read: remove them)

Andreas
Received on Mon Mar 18 2013 - 21:19:16 PST
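
The per-port split described in the message above can be checked before reloading Postfix. The following is an added example, not part of the original message or of Postfix/OpenDKIM: it reads a main.cf, master.cf and opendkim.conf and reports, per service, the daemon name the milter would see and whether the "MTA" setting alone selects signing. The hostname, milter socket and function names are assumptions, the sample files are constructed, and other signing triggers (InternalHosts, authenticated senders) are not modelled.

```python
import re

# Constructed sample files following the layout in the message above.
MAIN_CF = "myhostname = mx.example.org\nopendkim_milter = inet:127.0.0.1:8891\n"
MASTER_CF = """\
smtp inet n - - - - smtpd
 -o smtpd_milters=${opendkim_milter}
submission inet n - - - - smtpd
 -o milter_macro_daemon_name=ORIGINATING
 -o smtpd_milters=${opendkim_milter}
"""
OPENDKIM_CONF = "MTA ORIGINATING\n"

def parse_main(text):
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_master(text):
    """Map each service to its -o overrides; indented lines continue the entry."""
    services, current = {}, {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            current = services.setdefault(line.split()[0], {})
        current.update(re.findall(r"-o\s+([^=\s]+)=(\S+)", line))
    return services

def mta_names(conf):
    """Names on the opendkim.conf MTA line (inline comma-separated list only)."""
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == "MTA":
            return {n.strip() for n in parts[1].split(",")}
    return set()

def expand(value, params):
    # Substitute $name / ${name} references with values from main.cf.
    return re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)

def milter_plan(main_cf, master_cf, opendkim_conf):
    """Per service: (daemon name sent to the milter, mode picked by the MTA trigger)."""
    params, signers, plan = parse_main(main_cf), mta_names(opendkim_conf), {}
    for svc, opts in parse_master(master_cf).items():
        get = lambda key, default: expand(opts.get(key, params.get(key, default)), params)
        daemon = get("milter_macro_daemon_name", "$myhostname")
        mode = "sign" if daemon in signers else "verify"
        plan[svc] = (daemon, mode if get("smtpd_milters", "") else "no milter")
    return plan
```

Calling `milter_plan(MAIN_CF, MASTER_CF, OPENDKIM_CONF)` on the sample files reports port 25 as verify and submission as sign; a service with no `smtpd_milters` anywhere is reported as "no milter".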
