Re: Getting DKIM to work with Mailman and Postfix

Tue, 06 May 2014 06:52:36 -0700 

On Mon, May 5, 2014 17:50, Wietse Venema wrote:

>
> Well nothing works without correct configuration.  Is your SMTP
> server correctly set up to sign local submissions on 127.0.0.1
> and the TCP port that mailman is talking to?
>
> You'd have to verify that first. Only then does it make sense
> to try to make signing work with mailman submission on 127.0.0.1.
>

This is my MSA configuration in Master.cf

submission inet n       -       n       -       -       smtpd -v
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#  -o smtpd_client_restrictions=check_sender_access
hash:/etc/postfix/sender_access,permit_sasl_authenticated,reject
  -o
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
#  -o smtpd_sender_restrictions=check_sender_access
hash:/etc/postfix/sender_access,permit_sasl_authenticated,permit_tls_clientcerts,reject
  -o
smtpd_sender_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o syslog_name=postfix-p587


And in main.cf I have this:

smtpd_helo_restrictions =
  permit_mynetworks,
  reject_non_fqdn_helo_hostname,
  reject_invalid_helo_hostname,
  permit

smtpd_sender_restrictions =
  permit_mynetworks,
  check_sender_access hash:/etc/postfix/sender_access,
  permit_sasl_authenticated,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  permit

# RBL lookups handled in spamassassin so need for them here
smtpd_client_restrictions = permit
. . .
# enable tls
#
smtp_use_tls=yes
smtpd_use_tls=yes
# log for testing only
#smtpd_tls_loglevel = 3

# but do not require tls for all connections
smtp_tls_security_level = may
smtpd_tls_security_level = may

# but do require it for authenticated connections
#
smtpd_tls_auth_only = yes



I have only cursory knowledge of Postfix but I suspect that the problem may
lie with encryption on the submission interface.  I see this in master.cf

  -o smtpd_tls_security_level=encrypt

and I do not understand how that matches with the directives in main.cf. 
Should the encryption option in master.cf be removed entirely?

Thank you for your assistance.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:[email protected]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

Reply via email to