FM = Franck Martin <[email protected]> AB = Anne Bennett <[email protected]> MK = Murray S. Kucherawy <[email protected]>
FM>>>> Note that postfix/sendmail can DKIM sign the bounces it creates. AB>>> A few weeks ago I searched for documentation on how to make AB>>> Sendmail sign its bounces, and I failed to find anything. AB>>> If you could point me at any document at all as a starting AB>>> point for that, I'd be grateful. MK>> DKIM signing in sendmail is done via its milter API, which MK>> is instantiated only when traffic arrives via SMTP. DSNs are MK>> generated and queued internally, not via SMTP. Thus sendmail MK>> does not sign its bounces. That was the conclusion I had come to. MK>> The only way to do that would be MK>> to have the sendmail instance generating the DSN route the MK>> DSN through a second MTA on its way out, and that second one MK>> would do the signing. Oooh, ick, but that would work. I'll keep it in mind. Thank you. FM> http://www.postfix.org/MILTER_README.html [...] FM> To sign Postfix's own bounce messages, enable filtering of FM> internally-generated bounces (line 2 below), and don't reject any FM> internally-generated bounces with non_smtpd_milters Okay, so Postfix can do it more straightforwardly. Good to know, and thank you too. Anne. -- Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 [email protected] +1 514 848-2424 x2285 _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
