On Mon, May 5, 2014 14:29, Marius Gologan wrote:
> I've noticed you are using amavisd-new. It can easily sign your messages.
>
> I'm showing what I use:
>
> cat /etc/amavis/conf.d/22-dkim
> use strict;
>
> $enable_dkim_signing = 1;
>
> dkim_key('domain1.com', 'dkim', '/path/to/domain1.com-dkim.key.pem');
> @dkim_signature_options_bysender_maps = (
> { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
> @mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
> 192.168.0.0/16 ); # list your internal networks
>
> 1; # ensure a defined return
>
>
> Generate certificate:
> amavisd-new genrsa /path/to/domain1.com-dkim.key.pem 2048
>
>
> Show the formatted value for DNS TXT record:
> amavisd-new showkeys domain1.com
>
>
> Marius.
Forgive me if I do not understand what you are trying to convey. We already
have Postfix DKIM correctly signing emails originating in our domains and
passing through our outgoing smtp gateway. The problem is that mail that
comes to that host destined for a Mailman mailing list is not being signed
when it is forwarded out again. That is what I want to have fixed.
I am not sure of anything but at the moment my belief is that the Mailman
forwarded mail is not being processed by OpenDKIM because of this entry in
master.cf:
# Before-queue Amavis after-filter processing
# Receive amavis re-injection and do no other checks
#
127.0.0.1:10025
inet n - n - - smtpd
-o content_filter=
. . .
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,
-->> no_milters, <<-- no_address_mappings
Just a guess mind you. However, I am not yet desperate enough to play around
with this without some informed guidance on the matter.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:[email protected]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
