On 19 Nov 2020, at 5:44, [email protected] wrote:
Hi, Is there a possibility to provide outgoing mails with a DKIM
signature only for a certain login - sender domain combination? The
background to this is: With the sender_maps it is possible to allow
different senders for a login. The mail may only be signed for those
where the login and sender domain match. Thanks, André
Am 19.11.2020 um 15:44 schrieb Bill Cole:
Because Postfix does not implement DKIM signing itself, the answer is
dependent on what software you use for DKIM signing. If your signing
is done in a milter, Postfix cannot select which mail is signed and
which is not. That must be done in the milter itself. For example, I
work with systems that use the MIMEDefang milter for signing (using
the Perl Mail::DKIM module) where the decision of whether and how to
sign mail is made based on the sender.
On 22.11.20 09:07, [email protected] wrote:
As a milter I use OpenDKIM. The user is not transferred to the milter
itself, so I have no way of deciding what should be signed there. Only
Postfix knows the user, so a decision would have to be made already
there what is passed on to the milter and what is not.
domains are signed, not users.
If you want to verify user matches login, you can use
smtpd_sender_login_maps and reject*sender_login_mismatch directives. That
way, users won't be allowed to send from addresses they don't have enabled.
you can make only some senders signed, by putting their addresses to access
map with a FILTER: destination:
http://www.postfix.org/access.5.html
However, since signing is based on From: address and directives above use
envelope address (mail from:), you should verify that they match before you
sign.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]
