Ihsan,
> DKIM works for me so far. If I send an e-mail through the webmail
> interface, the E-Mail is signed.
> If I send an e-mail with a regular client, which is authenticated with
> SMTP-AUTH, the mail is not signed.
> Is it possible to catch these mails as well?
'originating' flag must be on to permit DKIM signing.
The simplest way of turning 'originating' is implicitly,
when sending client's IP address matches @mynetworks list.
In your case inserting a 0.0.0.0 into @mynetworks list would
probably solve the issue of mail submitted through pickup:
2.4.5 release notes:
- for the purpose of looking up client IP address in @mynetworks_maps,
treat unknown/unavailable IP address as 0.0.0.0; this allows treating
directly submitted mail on the MTA host (not submitted through SMTP) as
coming from IP address 0.0.0.0 (i.e. "This" Network - according to RFC 1700);
Note that this is indistinguishable from other reasons when IP address
is not made available to amavisd, e.g. when smtp_send_xforward_command
option in Postfix smtp service is not enabled, which is why the default
setting of @mynetworks does not include a 0.0.0.0/8 network to prevent
unintentionally loading a MYNETS policy bank.
One should add 0.0.0.0/8 to a @mynetworks list only when XFORWARD is known
to work and if some software on the MTA host is submitting its mail to MTA
directly, e.g. through a sendmail mail submission command (or its lookalike),
and MYNETS policy bank loading is needed for proper processing of such mail
(e.g. DKIM signing or adding disclaimers in later versions of amavisd);
A more general way of turning up the 'originating' flag is through a
policy bank, e.g.:
$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail originating from our users
originating => 1,
# force MTA conversion to 7-bit before DKIM signing
# to avoid later conversions, destroying signature:
smtpd_discard_ehlo_keywords => ['8BITMIME'],
};
Any mail which MTA will pass to a filter on port 10026 (but not on 10024)
will now be eligible for DKIM signing. This is useful for mail submitted
from authenticated roaming clients which have foreign IP addresses.
pickup fifo n - n 60 1 pickup
-o content_filter=amavisfeed:[127.0.0.1]:10026
See also:
http://marc.info/?l=postfix-users&m=122658465804423
Mark
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
