Martijn graciously contacted me on this.
He recommended redirecting socket to TCP because smtpd will append the
hostname to addresses without a hostname. I never would have thought of
redirect, as obvious as it seems. He also recommended using tagging,
but my simple mind only worked out a slightly different solution.
For posterity, here is the configuration I ended up with:
pki int_net cert "/etc/ssl/192.0.2.38.crt"
pki int_net key "/etc/ssl/private/smtp.example.com.key"
table aliases file:/etc/mail/aliases
filter "dkimsign_loc_rsa" proc-exec "filter-dkimsign \
-d smtp.example.com -s 10172021 \
-k /etc/mail/dkim/10172021.rsa.key" user _dkimsign group _dkimsign
filter "dkimsign_int_rsa" proc-exec "filter-dkimsign \
-d example.com \
-d smtp.example.com \
-s 10172021 -k /etc/mail/dkim/10172021.rsa.key" user _dkimsign group _dkimsign
listen on socket
listen on lo0 filter "dkimsign_loc_rsa"
listen on vio1 tls pki int_net filter "dkimsign_int_rsa"
action "local_mail" mbox alias <aliases>
action "local_redirect" relay host smtp+notls://127.0.0.1:25
action "outbound" relay
match from socket action "local_redirect"
match for local action "local_mail"
match from any for any action "outbound"
Note that this server is a private network mail relay and vio1 is the
private interface with access controlled using PF.
I speculate others will be having this same failed DKIM for socket mail
such as system messages.
Thank you,
Paul
On 2021-10-27 11:14, [email protected] wrote:
On 2021-10-27 10:04, [email protected] wrote:
I have the following rules in /etc/mail/smtpd.conf
(non-applicable configurations redacted for brevity):
table aliases file:/etc/mail/aliases
filter "dkimsign_local_rsa" proc-exec "filter-dkimsign -z \
-d hostname.example.com -s 10172021 \
-k /etc/mail/dkim/10172021.rsa.key" user _dkimsign group _dkimsign
listen on socket filter "dkimsign_local_rsa"
listen on lo0 filter "dkimsign_local_rsa"
action "local_mail" mbox alias <aliases>
match for local action "local_mail"
I accidentally cut too much out of the conf file:
table aliases file:/etc/mail/aliases
filter "dkimsign_local_rsa" proc-exec "filter-dkimsign -z \
-d hostname.example.com -s 10172021 \
-k /etc/mail/dkim/10172021.rsa.key" user _dkimsign group _dkimsign
listen on socket filter "dkimsign_local_rsa"
listen on lo0 filter "dkimsign_local_rsa"
action "local_mail" mbox alias <aliases>
action "outbound" relay
match for local action "local_mail"
match from any for any action "outbound"
Thank you.
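
Added example, not part of the original thread and not OpenSMTPD code: a small lint that flags a filter-dkimsign filter attached directly to "listen on socket" (the earlier configuration) and checks that socket mail is instead redirected to a loopback listener that signs (the final configuration). The names statements and audit are hypothetical, lo0 is assumed to be the loopback interface as in the thread, and the regex parsing covers only the directive forms shown here.

```python
import re

# Constructed samples, abridged from the two configurations in this thread.
BEFORE = r'''
filter "dkimsign_local_rsa" proc-exec "filter-dkimsign -z \
-d hostname.example.com -s 10172021 \
-k /etc/mail/dkim/10172021.rsa.key" user _dkimsign group _dkimsign
listen on socket filter "dkimsign_local_rsa"
listen on lo0 filter "dkimsign_local_rsa"
action "outbound" relay
match from any for any action "outbound"
'''
AFTER = r'''
filter "dkimsign_loc_rsa" proc-exec "filter-dkimsign \
-d smtp.example.com -s 10172021 \
-k /etc/mail/dkim/10172021.rsa.key" user _dkimsign group _dkimsign
listen on socket
listen on lo0 filter "dkimsign_loc_rsa"
action "local_redirect" relay host smtp+notls://127.0.0.1:25
action "outbound" relay
match from socket action "local_redirect"
match from any for any action "outbound"
'''

def statements(conf):
    """Join backslash-continued lines; drop blank lines and comments."""
    joined = re.sub(r"\\\n\s*", " ", conf)
    return [s.strip() for s in joined.splitlines()
            if s.strip() and not s.strip().startswith("#")]

def audit(conf):
    """Return findings about how socket mail reaches a filter-dkimsign filter."""
    stmts = statements(conf)
    def find(pat):
        return [m for s in stmts if (m := re.match(pat, s))]
    signers = {m[1] for m in find(r'filter\s+"([^"]+)"\s+proc-exec\s+"[^"]*filter-dkimsign\b')}
    loop_relays = {m[1] for m in find(
        r'action\s+"([^"]+)"\s+relay\s+host\s+\S+://(?:127\.0\.0\.1|localhost|\[::1\])')}
    tcp_signed = any(m[1] in signers for m in find(r'listen\s+on\s+lo0\b.*\bfilter\s+"([^"]+)"'))
    findings = []
    for m in find(r'listen\s+on\s+socket\b.*\bfilter\s+"([^"]+)"'):
        if m[1] in signers:  # signing happens on the socket listener itself
            findings.append(f'socket listener signs with "{m[1]}"')
    redirected = any(m[1] in loop_relays
                     for m in find(r'match\s+from\s+socket\b.*\baction\s+"([^"]+)"'))
    if signers and not findings and not (redirected and tcp_signed):
        findings.append("socket mail is not redirected to a signing loopback listener")
    return findings
```

audit(BEFORE) reports the socket listener that signs directly; audit(AFTER) returns an empty list.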