Re: [AMaViS-user] DKIM signing

Thu, 03 Mar 2011 06:17:21 -0800 

Matthias,

> > The cleanest way to differentiate mail submitted from inside
> > from inbound mail is to provide a dedicated mailer (MSA) for
> > mail submission, which accepts only authenticated mail or mail
> > from internal networks. All mail from such MSA can then be
> > passed to amavisd on a dedicated TCP port, where a policy bank
> > can set the originating flag to 1.
 
> you were right. I had to introduce a policy bank which uses the
> originating flag:
> 
> # policy bank to have mails DKIM signed
> $policy_bank{'ORIGINATING'} = {
>    # indicates client is ours, allows signing
>    originating => 1,
>    # force MTA to convert mail to 7-bit before DKIM signing
>    # to avoid later conversions which could destroy signature:
>    smtpd_discard_ehlo_keywords => ['8BITMIME'],
>    # forward to a smtpd service providing DKIM signing service
>    # (if using a signing milter instead of signing by amavisd):
>    forward_method => 'smtp:[127.0.0.1]:10025',
> };
> 
> # Use ORIGINATING policy to enable DKIM signing
> $interface_policy{'10024'} = 'ORIGINATING';
> 
> So far it seems to work. Is there anything wrong with this solution?

Yes, that's what I had in mind. If you tested it and it works with
your MTA setup, than this is it. I just wasn't sure / don't know how
you are interfacing sendmail with amavisd, which can influence
a choice of solutions.

  Mark

------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 Please visit http://www.ijs.si/software/amavisd/ regularly
 For administrativa requests please send email to rainer at openantivirus dot 
org

Reply via email to