Seems if you use dkim to sign outgoing email through amavisd-new policy
bank and forward-method, the 'disclaimer' added to message does not pass
the body test. since it seems to sign the message before the disclaimer
is added.
Q) how do I get it to sign AFTER mangling (do I do it in amavisd.conf?)
or wait till Mark gets back?
(as least assume this is why I get this error on reflector:
testing.dkim.org; [EMAIL PROTECTED]; dkim=fail (
Err: body altered; RSA-128 err: hdrdiffs=none; bodyvfy=no;
secnap.net/s102
4 fail; );
[EMAIL PROTECTED]; dkim=neutral
[DKIM-Bodyhash: Warning]
body hashes do not match for "Michael Scheidell"
sig=k9XtizUNBPIHQDW1po4NYI6foNM= calc=QsnK/S4Ee01odgjQhyN9o4FaZjk=
[DKIM-Vfy: Warning]
RSA-128 err: [EMAIL PROTECTED] hdrdiffs=none; bodyvfy=no;
openssl=error:00000000:lib(0):func(0):reason(0); 'v=1; a=rsa-sha1;
c=relaxed; d=secnap.net;
h=mime-version:content-type:content-transfer-encoding:subject:
date:message-id:from:to; q=dns/txt; s=s1024; bh=k9XtizUNBPIHQDW1
po4NYI6foNM=; b='
Using FREEBSD, postfix, amavisd-new 2.5.2, Mail:DKIM .26, dkimproxy.
Used this to do forwarding, disclaimers:
(using dkim proxy from ports, in rc.conf:
amavisd-new forward sends to 127.0.0.1:10027.
Dkimproxy listens on 127.0.0.0:10027, signs message and send back out
10028.
Postfix listens on 10028 and sends email back out.
dkimproxy_out_enable="YES"
dkimproxy_out_flags="--keyfile=/usr/local/etc/dkimproxy/private.key \
--selector=s1024 --domain=secnap.com,secnap.net --method=relaxed
\
127.0.0.1:10027 127.0.0.1:10028"
master.cf:
127.0.0.1:10028 inet n - n - 10 smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_chec
ks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
amavisd.conf
@altermime_args_disclaimer =
qw(--verbose --disclaimer=/var/amavis/etc/disclaimer.txt
--disclaimer-html=/var/amavis/etc/disclaimer.html);
$defang_maps_by_ccat{+CC_CLEAN} = [ 'disclaimer' ];
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
originating => 1,
forward_method => 'smtp:[127.0.0.1]:10027',
allow_disclaimers => 1,
smtpd_discard_ehlo_keywords => ['8BITMIME'],
....
--
Michael Scheidell, CTO
Join SECNAP at SecureWorld Philadelphia May 16-17
http://www.secnap.com/events for free and discounted seminar tickets
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
