Matthias, > I work for a university institute and administrate its servers > "incidently". > Currently I am putting some work into our mail server configuration > (sendmail 8.13.1 with amavisd-new-2.6.4). Recently I got amavis to > verify DKIM signed mails. Now my plan was to sign outgoing Emails > ourselves. > This is what I have done [...]
> 8. Tested public key usage on my mailserver: > /usr/local/amavisd/amavisd testkeys > TESTING#1: sel1._domainkey.my.domain.topdomain.de => pass So far so good... > The problem is that amavis is not signing the mails. Rise $log_level to 2 and search the log for " dkim: ". It will tell you the reason for not signing a message. My guess is that the $originating flag is not set for mail coming from inside, so amavisd thinks this is an inbound mail, which is not to be signed. How is the sendmail interfaced with amavisd? Are you using amavisd-milter by Petr Rehor, or a dual-MTA setup? The cleanest way to differentiate mail submitted from inside from inbound mail is to provide a dedicated mailer (MSA) for mail submission, which accepts only authenticated mail or mail from internal networks. All mail from such MSA can then be passed to amavisd on a dedicated TCP port, where a policy bank can set the originating flag to 1. Alternatively, a simpler solution is to let @mynetworks implicitly turn on the originating flag for mail coming from internal networks. This simpler approach cannot deal with authenticated mail from roaming users. Mark ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org
