From: Birta Levente on
Hi all

My postfix server is set up with amavisd-new and dkim-milter.

In the main.cf:

content_filter = smtp-amavis:[127.0.0.1]:10024

smtpd_milters = inet:localhost:20209
non_smtpd_milters = inet:localhost:20209
milter_protocol = 2
milter_default_action = accept



With this configuration the DKIM signature is added even to the incoming
mails and I don't see any reason to do that.

How can I set up the server to add DKIM signature only for the outgoing
mails?

thanks

Levi

From: Tomoyuki Murakami on

From: Birta Levente <blevi.linux(a)gmail.com>
Subject: DKIM-milter only for outgoing
Date: Thu, 15 Apr 2010 17:23:12 +0300

> My postfix server is set up with amavisd-new and dkim-milter.
>
> In the main.cf:
>
> content_filter = smtp-amavis:[127.0.0.1]:10024
>
> smtpd_milters = inet:localhost:20209
> non_smtpd_milters = inet:localhost:20209
> milter_protocol = 2
> milter_default_action = accept

> With this configuration the DKIM signature is added even to the
> incoming mails and I don't see any reason to do that.

For dkim-filter, you can limit the signing domain with the -d option.
In Postfix, you should separate the services for incoming and
outgoing (submission). If you do so, you can move the milter
setting from main.cf to master.cf, with a setting like:

smtp       inet  n       -       n       -       -       smtpd
  -o .....
  -o ..

submission inet  n       -       n       -       -       smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o ...
  -o smtpd_milters=inet:127.0.0.1:20209

... I'm not sure how appropriate these are, but this sets
smtpd_milters only for submission and works fine for me in normal
operation.

--
Tomo.

From: Birta Levente on
On 15/04/2010 18:26, Tomoyuki Murakami wrote:
> From: Birta Levente<blevi.linux(a)gmail.com>
> Subject: DKIM-milter only for outgoing
> Date: Thu, 15 Apr 2010 17:23:12 +0300
>
>
>> My postfix server is set up with amavisd-new and dkim-milter.
>>
>> In the main.cf:
>>
>> content_filter = smtp-amavis:[127.0.0.1]:10024
>>
>> smtpd_milters = inet:localhost:20209
>> non_smtpd_milters = inet:localhost:20209
>> milter_protocol = 2
>> milter_default_action = accept
>>
>
>> With this configuration the DKIM signature is added even to the
>> incoming mails and I don't see any reason to do that.
>>
> For dkim-filter, you can limit the signing domain with the -d option.
> In Postfix, you should separate the services for incoming and
> outgoing (submission). If you do so, you can move the milter
> setting from main.cf to master.cf, with a setting like:
>
> smtp       inet  n       -       n       -       -       smtpd
>   -o .....
>   -o ..
>
> submission inet  n       -       n       -       -       smtpd
>   -o smtpd_etrn_restrictions=reject
>   -o smtpd_sasl_auth_enable=yes
>   -o ...
>   -o smtpd_milters=inet:127.0.0.1:20209
>
> ... I'm not sure how appropriate these are, but this sets
> smtpd_milters only for submission and works fine for me in normal
> operation.
>
> --
> Tomo.
>

Thanks Tomo.

With submission I need to use port 587 (no?), but I want to use
port 25. Can I?


Can I get Postfix to send all outgoing mail through a specified transport?

Thanks,
Levi

From: Wietse Venema on
Birta Levente:
> On 15/04/2010 18:26, Tomoyuki Murakami wrote:
> > From: Birta Levente<blevi.linux(a)gmail.com>
> > Subject: DKIM-milter only for outgoing
> > Date: Thu, 15 Apr 2010 17:23:12 +0300
> >
> >
> >> My postfix server is set up with amavisd-new and dkim-milter.
> >>
> >> In the main.cf:
> >>
> >> content_filter = smtp-amavis:[127.0.0.1]:10024
> >>
> >> smtpd_milters = inet:localhost:20209
> >> non_smtpd_milters = inet:localhost:20209
> >> milter_protocol = 2
> >> milter_default_action = accept
> >>
> >
> >> With this configuration the DKIM signature is added even to the
> >> incoming mails and I don't see any reason to do that.
> >>
> > For dkim-filter, you can limit the signing domain with the -d option.
> > In Postfix, you should separate the services for incoming and
> > outgoing (submission). If you do so, you can move the milter
> > setting from main.cf to master.cf, with a setting like:
> >
> > smtp       inet  n       -       n       -       -       smtpd
> >   -o .....
> >   -o ..
> >
> > submission inet  n       -       n       -       -       smtpd
> >   -o smtpd_etrn_restrictions=reject
> >   -o smtpd_sasl_auth_enable=yes
> >   -o ...
> >   -o smtpd_milters=inet:127.0.0.1:20209
> >
> > ... I'm not sure how appropriate these are, but this sets
> > smtpd_milters only for submission and works fine for me in normal
> > operation.
> >
> > --
> > Tomo.
> >
>
> Thanks Tomo.
>
> With submission I need to use port 587 (no?), but I want to use
> port 25. Can I?
>
>
> Can I get Postfix to send all outgoing mail through a specified transport?

Here is how my DKIM milter signs "port 25" mail from "trusted" clients.

$ postconf -n | grep milter
milter_content_timeout = 30s
milter_default_action = accept
milter_protocol = 2
non_smtpd_milters = inet:127.0.0.1:9998
smtpd_milters = inet:127.0.0.1:9998

$ ps axww | grep dkim-filter
/usr/local/sbin/dkim-filter -l -p inet:x@127.0.0.1 -u milter -d porcupine.org -i /etc/porcupine.org-network -k /etc/porcupine.org-private -s dktest -bs

The file /etc/porcupine.org-network has the IP address ranges of "my"
networks.

Wietse
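
A check for the symptom discussed in this thread, as an added example that is not part of any poster's message: it reads a delivered message and reports whether a DKIM-Signature for the local signing domain was added to mail whose From domain is not local. The domain `example.org`, the selectors and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "example.org"  # assumption: the domain this server signs for

def parse_tags(value):
    """Split a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Drop folding whitespace; it is not significant in d= or s=.
            tags[name.strip()] = "".join(val.split())
    return tags

def classify(raw, local=LOCAL_DOMAIN):
    """Report whether a message carries a signature from the local domain."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ours = author == local or author.endswith("." + local)
    signers = [parse_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])]
    signed = local in signers
    if ours:
        return "outgoing-signed" if signed else "outgoing-unsigned"
    return "incoming-signed-by-us" if signed else "incoming-clean"

# Constructed samples; bh= and b= are placeholders, not real signatures.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d={d}; s={s};\n"
       "\th=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\n")
INBOUND_SIGNED = (SIG.format(d="example.org", s="sel1")
                  + SIG.format(d="example.net", s="mail")
                  + "From: Alice <alice@example.net>\nTo: bob@example.org\n\nhello\n")
INBOUND_CLEAN = (SIG.format(d="example.net", s="mail")
                 + "From: Alice <alice@example.net>\nTo: bob@example.org\n\nhello\n")
OUTBOUND = (SIG.format(d="Example.ORG", s="sel1")
            + "From: Bob <bob@example.org>\nTo: alice@example.net\n\nhi\n")

if __name__ == "__main__":
    for name in ("INBOUND_SIGNED", "INBOUND_CLEAN", "OUTBOUND"):
        print(name, "->", classify(globals()[name]))
```

Run it over a message delivered from an outside sender after changing the milter settings; `incoming-signed-by-us` means the signing filter still sees inbound mail.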

From: ram on
On Fri, 2010-04-16 at 16:22 +0300, Birta Levente wrote:

> On 15/04/2010 18:26, Tomoyuki Murakami wrote:
> > From: Birta Levente<blevi.linux(a)gmail.com>
> > Subject: DKIM-milter only for outgoing
> > Date: Thu, 15 Apr 2010 17:23:12 +0300
> >
> >
> >> My postfix server is set up with amavisd-new and dkim-milter.
> >>
> >> In the main.cf:
> >>
> >> content_filter = smtp-amavis:[127.0.0.1]:10024
> >>
> >> smtpd_milters = inet:localhost:20209
> >> non_smtpd_milters = inet:localhost:20209
> >> milter_protocol = 2
> >> milter_default_action = accept
> >>
> >
> >> With this configuration the DKIM signature is added even to the
> >> incoming mails and I don't see any reason to do that.
> >>
> > For dkim-filter, you can limit the signing domain with the -d option.
> > In Postfix, you should separate the services for incoming and
> > outgoing (submission). If you do so, you can move the milter
> > setting from main.cf to master.cf, with a setting like:
> >
> > smtp       inet  n       -       n       -       -       smtpd
> >   -o .....
> >   -o ..
> >
> > submission inet  n       -       n       -       -       smtpd
> >   -o smtpd_etrn_restrictions=reject
> >   -o smtpd_sasl_auth_enable=yes
> >   -o ...
> >   -o smtpd_milters=inet:127.0.0.1:20209
> >
> > ... I'm not sure how appropriate these are, but this sets
> > smtpd_milters only for submission and works fine for me in normal
> > operation.
> >
> > --
> > Tomo.
> >
>
> Thanks Tomo.
>
> With submission I need to use port 587 (no?), but I want to use
> port 25. Can I?
>


AFAIK, in dkim milter you can specify domains for whom you don't want to
sign.
Put your domains in there.





Thanks
Ram