Update: signing by the DKIM proxy must be the last rule to prevent looping. Below 
is the updated, correct rule order.

listen on lo0 port 1030 tag DKIM_OUT
action "dkim-sign" relay host smtp://127.0.0.1:1030

match tag DKIM_OUT for any action "outbound"
match from local for any action "dkim-sign"

Martin

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, March 10, 2020 6:13 PM, Martin <martin...@protonmail.com> wrote:

> Finally fixed smtpd looping behavior.
>
> /etc/dkimproxy_out.conf points to message signing keys which have 
> insufficient permissions to read.
>
> Affected rules:
>
> listen on lo0 port 1030 tag DKIM_OUT
> action "dkim-sign" relay host smtp://127.0.0.1:1030
>                                                ^^^^^^^^
> match from local for any action "dkim-sign"
>                                                ^^^^^^^^
> match tag DKIM_OUT for any action "outbound"
>
> Martin
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, March 10, 2020 1:46 PM, Reio Remma <r...@mrstuudio.ee> wrote:
>
>> Try running 'smtpd -d -T rules' and see what rule you're hitting.
>>
>> Or alternatively 'smtpctl trace rules' and look at maillog and later turn it 
>> off with 'smtpctl untrace rules'.
>>
>> match auth most likely doesn't work at all if you submit to port 25 without 
>> authentication.
>>
>> Good luck,
>> Reio
>>
>> On 10/03/2020 15:35, Martin wrote:
>>
>>> table reject-subnet file:/etc/mail/reject-subnet
>>> (contains 192.168.2.0/24)
>>> table reject-domain file:/etc/mail/reject-domain
>>> (contains nothing)
>>> table reject-domain-helo file:/etc/mail/reject-domain-helo
>>> (contains nothing)
>>>
>>> action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias <aliases>
>>> action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to alias <virtuals>
>>> action "spampd-in" relay host smtp://127.0.0.1:10025
>>> action "dkim-sign" relay host smtp://127.0.0.1:1027
>>> action "outbound" relay src <sources> helo-src <helonames>
>>>
>>> match from src <reject-subnet> for any reject
>>> match from any mail-from <reject-domain> for any reject
>>> match from any helo <reject-domain-helo> for any reject
>>>
>>> match from local for local action "local-aliases"
>>> match tag SPAM_IN for local action "local-aliases"
>>> match from any for domain <domains> action "virtual-users"
>>> match tag SPAM_IN from any for domain <domains> action "virtual-users"
>>>
>>> match tag DKIM_OUT for any action "outbound"
>>> match auth from any for any action "outbound"
>>>
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> On Tuesday, March 10, 2020 1:22 PM, Reio Remma <r...@mrstuudio.ee> wrote:
>>>
>>>> On 10/03/2020 15:18, Martin wrote:
>>>>
>>>>> Hello list,
>>>>> Undefined problem with infinite mail looping if I send messages from the mail
>>>>> server's localhost to any outside domains.
>>>>> If I send mail from the mail server itself (from localhost) to aliased
>>>>> addresses and virtuals on the same mail server's domain, all the
>>>>> messages are delivered fine, even when sent from localhost.
>>>>> In two sentences:
>>>>> Sending from localhost to 'remote' addresses > infinite loop
>>>>> Sending from localhost to 'local' aliases and virtual users > all
>>>>> works fine
>>>>> In both cases I'm using Mutt locally on the mail server. Mutt connects to
>>>>> 127.0.0.1:25 in clear without any auth.
>>>>> $ cat /etc/smtpd.conf
>>>>> ...
>>>>> table aliases db:/etc/mail/aliases.db
>>>>> table virtuals db:/etc/mail/virtuals.db
>>>>> listen on lo0 tls pki smtp.domain.tld mask-src no-dsn hostname <heloname> tag SMTP
>>>>> action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias <aliases>
>>>>> action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals>
>>>>> action "outbound" relay src <sources> helo-src <helonames>
>>>>> match auth from any for any action "outbound"
>>>>
>>>> What are your other match rules (in correct order)?
>>>>
>>>> Reio
>>
>> --
>> Tervitades
>> Reio Remma
>>
>> MR Stuudio OÜ
>> Tondi 17b, 11316, Tallinn
>> Tel +372 650 4808
>> Mob +372 56 22 00 33
>> r...@mrstuudio.ee
>> www.mrstuudio.ee
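
The rule-order point from the update at the top of this thread, as an added example that is not part of any message in the thread: a simplified Python model of first-match rule evaluation in smtpd.conf, following a locally submitted message through both orderings. It assumes only the `from local` and `tag` criteria matter and that the message re-enters smtpd from a local peer on the listener tagged DKIM_OUT; all function and variable names are hypothetical.

```python
# Simplified model of smtpd.conf matching: rules are evaluated in order and
# the first matching rule decides the action. Only the two criteria used by
# the rules in this thread ("from local" and "tag") are modelled.

# Order from the earlier message in the thread ("Affected rules").
LOOPING = [
    ({"from_local": True}, "dkim-sign"),
    ({"tag": "DKIM_OUT"}, "outbound"),
]

# Order from the update: the tagged rule comes first, signing comes last.
FIXED = [
    ({"tag": "DKIM_OUT"}, "outbound"),
    ({"from_local": True}, "dkim-sign"),
]


def first_match(rules, envelope):
    """Return the action of the first rule whose criteria all match."""
    for criteria, action in rules:
        if all(envelope.get(key) == value for key, value in criteria.items()):
            return action
    return None  # no rule matched


def trace(rules, max_hops=5):
    """Follow one locally submitted message and list the actions it hits."""
    # Constructed sample: a local client submitting on 127.0.0.1:25, untagged.
    envelope = {"from_local": True, "tag": None}
    hops = []
    for _ in range(max_hops):
        action = first_match(rules, envelope)
        hops.append(action)
        if action != "dkim-sign":
            break
        # After "dkim-sign" the message comes back in on the lo0 listener:
        # the peer is still local, and the listener tags it DKIM_OUT.
        envelope = {"from_local": True, "tag": "DKIM_OUT"}
    return hops


if __name__ == "__main__":
    print("looping order:", trace(LOOPING))
    print("fixed order:  ", trace(FIXED))
```

With the looping order the re-injected message still matches `from local` first and is handed to "dkim-sign" on every hop; with the fixed order the tag rule wins on the second pass and the message leaves through "outbound".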
