According to this <https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/>, even in new config syntax the matching rule order is still important. In your config you have:

match from any for domain <domains> action "virtual-users"
(...)
match from any for domain <domains> action "spampd-in"

Those match rules are the same; this way the spampd-in action will never be reached. And then:

->>match auth tag DKIM_OUT<<- for any action "outbound"

I'm not an expert, but this doesn't seem right for two reasons:

1. DKIMProxy only signs outgoing emails, it doesn't authenticate anywhere.
2. If I'm correct, then auth action must be followed by an auth table.


On 2019-03-12 at 12:22, Denis wrote:
I have a working setup serving three domains. Currently I use only one,
domain3.com. Dovecot serves as the IMAP server.

Trying to add DKIM signing functionality for outgoing mail and spampd
checking for incoming mail, but unsuccessful.

-----------------
Both DKIM (port 10027) and spampd (port 10025) are running and listening.
smtpd listens for DKIM (port 10028) and SPAM_IN (port 10026).

# netstat -an | grep 1002
tcp     0       0       127.0.0.1.10025 *.*     LISTEN
tcp     0       0       127.0.0.1.10026 *.*     LISTEN
tcp     0       0       127.0.0.1.10027 *.*     LISTEN
tcp     0       0       127.0.0.1.10028 *.*     LISTEN

-----------------
When I enable features related to spampd and DKIM I have the mailer
error message:

"An error occured while sending mail. The mail server responded:
Invalid recipient.
Please check the message recipient "destinat...@domain.tld" and try again."

...
# listen for local proxies out
listen on lo0 port 10026 tag SPAM_IN
listen on lo0 port 10028 tag DKIM_OUT
...
### sign emails by DKIM proxy & tag untagged by SpamAssassin (spampd)
match from any for domain <domains> action "spampd-in"
match from local for any action "dkim-sign"
...
### outgoing mail
match auth tag DKIM_OUT for any action "outbound"
...
-----------------

Please advise



Full production (working) configuration is below:

# cat smtpd.conf

#       $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

### pki
pki smtp.domain1.com cert "/etc/ssl/mail/smtp.domain1.com.crt"
pki smtp.domain1.com key "/etc/ssl/mail/private/smtp.domain1.com.key"
pki smtp.domain2.com cert "/etc/ssl/mail/smtp.domain2.com.crt"
pki smtp.domain2.com key "/etc/ssl/mail/private/smtp.domain2.com.key"
pki smtp.domain3.com cert "/etc/ssl/mail/smtp.domain3.com.crt"
pki smtp.domain3.com key "/etc/ssl/mail/private/smtp.domain3.com.key"

pki smtp.domain3.com dhe auto

smtp max-message-size 20M

### tables
table sources {1.2.3.4}
table helonames {1.2.3.4 = smtp.domain3.com}
table aliases db:/etc/mail/aliases.db
table domains file:/etc/mail/domains
table virtuals file:/etc/mail/virtuals
table passwd file:/etc/mail/passwd

### listen ports
listen on lo0 tls pki smtp.domain3.com hostnames {1.2.3.4 = smtp.domain3.com}
listen on lo0 smtps auth <passwd> pki smtp.domain3.com hostname smtp.domain3.com
listen on lo0 port submission tls-require auth <passwd> pki smtp.domain3.com hostname smtp.domain3.com
# listen for local proxies out
#listen on lo0 port 10026 tag SPAM_IN
#listen on lo0 port 10028 tag DKIM_OUT

### actions
#action "lmtp-local" mda "/usr/libexec/mail.lmtp"
action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias <aliases>
action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals>
action "relay-to-backup-mx" relay backup mx smtp1.domain3.com
action "spampd-in" relay host smtp://127.0.0.1:10025
action "dkim-sign" relay host smtp://127.0.0.1:10027
action "outbound" relay src <sources> helo-src <helonames>

### local messages
#match from local for local action "lmtp-local"
match from local for local action "local-aliases"
match tag SPAM_IN for local action "local-aliases"

### virtual users messages
match from any for domain <domains> action "virtual-users"
match tag SPAM_IN from any for domain <domains> action "virtual-users"

### sign emails by DKIM proxy & tag untagged by SpamAssassin (spampd)
#match from any for domain <domains> action "spampd-in"
#match from local for any action "dkim-sign"

### outgoing mail
#match auth tag DKIM_OUT for any action "outbound"
match auth from any for any action "outbound"
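
The rule-order point raised in the reply can be checked mechanically. The following is an added example, not part of the thread or of OpenSMTPD: a small Python checker that flags match rules an earlier rule always wins against under first-match evaluation. It is a simplified model that reads only auth, tag, from and for (negation and table contents are not interpreted), and the function names are illustrative.

```python
import re

# Constructed sample: match rules quoted in this thread, in their original order.
ORIGINAL = '''
match from any for domain <domains> action "virtual-users"
match tag SPAM_IN from any for domain <domains> action "virtual-users"
match from any for domain <domains> action "spampd-in"
'''
# Constructed reordering: the tagged (more specific) rule comes first.
REORDERED = '''
match tag SPAM_IN from any for domain <domains> action "virtual-users"
match from any for domain <domains> action "spampd-in"
'''

RULE = re.compile(r'^[ \t]*match\s+(.*?)\s*action\s+"([^"]+)"\s*$', re.M)

def parse(conf):
    """Return one dict per active 'match' line; commented-out lines are skipped."""
    rules = []
    for crit, action in RULE.findall(conf):
        tag = re.search(r'\btag\s+(\S+)', crit)
        src = re.search(r'\bfrom\s+(\S+)', crit)
        dst = re.search(r'\bfor\s+(any|local|domain\s+\S+)', crit)
        rules.append({
            "action": action, "auth": bool(re.search(r'\bauth\b', crit)),
            "tag": tag.group(1) if tag else None,
            "from": src.group(1) if src else "local",  # smtpd.conf default
            "for": dst.group(1) if dst else "local",   # smtpd.conf default
        })
    return rules

def covers(a, b):
    """True if everything rule b matches is also matched by rule a (simplified)."""
    return ((not a["auth"] or b["auth"])
            and a["tag"] in (None, b["tag"])
            and a["from"] in ("any", b["from"])
            and a["for"] in ("any", b["for"]))

def shadowed(conf):
    """List (earlier_action, unreachable_action) pairs under first-match order."""
    rules = parse(conf)
    return [(a["action"], b["action"])
            for i, b in enumerate(rules)
            for a in rules[:i] if covers(a, b)]

if __name__ == "__main__":
    for first, dead in shadowed(ORIGINAL):
        print(f'rule for "{dead}" is unreachable: an earlier "{first}" rule matches first')
```

Run against the original order it reports both the tagged "virtual-users" rule and the "spampd-in" rule as unreachable; the reordered sample produces no findings.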
