> On May 1, 2015, at 9:54 AM, Murray S. Kucherawy <[email protected]> wrote: > > On Fri, May 1, 2015 at 8:55 AM, Anne Bennett <[email protected] > <mailto:[email protected]>> wrote: > > Franck Martin <[email protected] <mailto:[email protected]>> writes: > > Note that postfix/sendmail can DKIM sign the bounces it creates. > > A few weeks ago I searched for documentation on how to make > Sendmail sign its bounces, and I failed to find anything. > If you could point me at any document at all as a starting > point for that, I'd be grateful. > > DKIM signing in sendmail is done via its milter API, which is instantiated > only when traffic arrives via SMTP. DSNs are generated and queued > internally, not via SMTP. Thus sendmail does not sign its bounces. The only > way to do that would be to have the sendmail instance generating the DSN > route the DSN through a second MTA on its way out, and that second one would > do the signing. > > I have no idea if any of that is true for postfix, but I believe it has hooks > for calling milter APIs even for non-SMTP messages. >
http://www.postfix.org/MILTER_README.html <http://www.postfix.org/MILTER_README.html> Signing internally-generated bounce messages Postfix normally does not apply content filters to mail that is generated internally such as bounces or Postmaster notifications. Filtering internally-generated bounces would result in loss of mail when a filter rejects a message, as the resulting double-bounce message would almost certainly also be blocked. To sign Postfix's own bounce messages, enable filtering of internally-generated bounces (line 2 below), and don't reject any internally-generated bounces with non_smtpd_milters <http://www.postfix.org/postconf.5.html#non_smtpd_milters>, header_checks <http://www.postfix.org/postconf.5.html#header_checks> or body_checks <http://www.postfix.org/postconf.5.html#body_checks> (lines 3-5 below). 1 /etc/postfix/main.cf <http://www.postfix.org/postconf.5.html>: 2 internal_mail_filter_classes <http://www.postfix.org/postconf.5.html#internal_mail_filter_classes> = bounce 3 non_smtpd_milters <http://www.postfix.org/postconf.5.html#non_smtpd_milters> = don't reject internally-generated bounces 4 header_checks <http://www.postfix.org/postconf.5.html#header_checks> = don't reject internally-generated bounces 5 body_checks <http://www.postfix.org/postconf.5.html#body_checks> = don't reject internally-generated bounces
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
