> My guess is that the $originating flag is not set for mail
> coming from inside, so amavisd thinks this is an inbound mail,
> which is not to be signed.
> ...
> The cleanest way to differentiate mail submitted from inside
> from inbound mail is to provide a dedicated mailer (MSA) for
> mail submission, which accepts only authenticated mail or mail
> from internal networks. All mail from such MSA can then be
> passed to amavisd on a dedicated TCP port, where a policy bank
> can set the originating flag to 1.
>
> ...
>
> Mark
Hi Mark,
you were right. I had to introduce a policy bank which uses the
originating flag:
# policy bank to have mails DKIM signed
$policy_bank{'ORIGINATING'} = {
# indicates client is ours, allows signing
originating => 1,
# force MTA to convert mail to 7-bit before DKIM signing
# to avoid later conversions which could destroy signature:
smtpd_discard_ehlo_keywords => ['8BITMIME'],
# forward to a smtpd service providing DKIM signing service
# (if using a signing milter instead of signing by amavisd):
forward_method => 'smtp:[127.0.0.1]:10025',
};
# Use ORIGINATING policy to enable DKIM signing
$interface_policy{'10024'} = 'ORIGINATING';
So far it seems to work. Is there anything wrong with this solution?
Regards
Matthias
------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot
org
