On 18 mars 2013, at 22:18, Andreas Schulze wrote:
> Am Mo, 18.03.2013, 21:42 schrieb Murray S. Kucherawy:
>> something else is going on.
>
> Hi,
>
> I followed the discussion and would also tell "something else is going on".
and this something else appears to be the before-queue content filtering. Wietse explains this here:
<
http://postfix.1071664.n5.nabble.com/Any-best-practices-for-stacking-filters-td51592.html>
His solution is much like the one you present (separate traffics), and takes my filtering needs into account.
Thanks for your help, I've learn many things about milter, opendkim and postfix debugging ;)
>
> Patrick,
>
> you have inbound mx traffic to verified and inbound submission traffic to be signed.
> opendkim has its decissionmatrix what to do (logged if "logwhy" is enabled)
> But that logic fail for unknown reasons.
>
> So try a different approach: separate traffic.
>
> inbound mx _at_port 25
> inbound submission _at_port 587
>
> modify your master.cf
>
> smtpd inet n - - - - smtpd
> -o smtpd_milters=${opendkim_milter}
> submission inet n - - - - smtpd
> -o milter_macro_daemon_name=ORIGINATING
> -o smtpd_milters=${opendkim_milter}
> -o syslog_name=postfix/submission
>
> remove smtpd_milters from main.cf and set them in only master.cf
> add ${opendkim_milter} to main.cf ( makes master.cf more readable )
> not listing smtpd_milters in main.cf enables you to select milter per port!
> (this is really cool & sendmail can't do that as far as I know :-)
>
> now opendkim has a reliable trigger to distinct between verify and signing mode:
> the milter_macro_daemon_name. unset it defaults to $myhostname otherwise it's the litaral "ORIGINATING"
>
> now you have to tell opendkim about that:
> add "MTA ORIGINATING" to opendkim.conf and leave "InternalHosts, PeerList, ExternalIgnoreList" at defaults.
> (read: remove them)
>
> Andreas
>
Received on Mon Mar 18 2013 - 21:55:09 PST