On 2021-05-14 11:38 p.m., Bill Cole wrote:
On 2021-05-14 at 22:30:18 UTC-0400 (Fri, 14 May 2021 22:30:18 -0400)
J Doe <gene...@nativemethods.com>
is rumored to have said:
My questions are:
1. Why was the magic value of "ORIGINATING" used in the Digital
Ocean example ?
It's not 'magic' but it is the value that Postfix uses as an example in
master.cf.
2. Can I allow the default value of: milter_macro_daemon_name to
be used _WITHOUT_ affecting OpenDKIM and ClamAV ?
That depends on what you want to do with those milters.
If you want to handle incoming (smtp) and outgoing (smtps and/or
sumbission) mail differently in your milters, you need a way for the
milters to tell the difference. The ${daemon_name} macro is the usual
way for a milter to make that differentiation. It is almost certain that
you want OpenDKIM to deal with inbound and outbound mail differently
(signing or verifying.) Using the default value of
milter_macro_daemon_name for all of the smtp-like services that use
milters eliminates the ability of your milters to make that
differentiation. Check the documentation of your milters for details.
Hi Bill,
Thanks for your reply.
You're right - I didn't realize that the master.cf file that ships with
Postfix uses the same value of "ORIGINATING" for both submission and
smtps. With that being the case I can see that Digital Ocean is
including this as well and is not an arbitrary value introduced by their
tutorial.
Yes, I have different functionality for different mail flows. For
submission, where clients are submitting e-mail to be relayed, I make
use of OpenDKIM to DKIM sign those messages and the ClamAV milter to see
if anyone submitting e-mail is in fact sending attachments with malware
(which would indicate that those clients are infected).
Mail to and from "the world" is via an smtpd instance, For inbound
e-mail from "the world" I use a Python policy program to check SPF,
OpenDKIM to validate DKIM signatures and OpenDMARC to check DMARC.
As it stands right now I have not changed any of the milters to examine
the daemon name of "ORIGINATING" and everything is working.
Is this because I have separate flows - submission and smtpd ?
Thanks,
- J
