Andreas,

> First, emails only arrive with a dkim-signature if I add the
> following to the amavis config:
> $interface_policy{'10024'} = 'DKIM_ALWAYS';
> $policy_bank{'DKIM_ALWAYS'} = {
>   originating => 1,
> };

Yes, as documented, the 'originating' flag must be on to enable signing
(and additionally, a signing key corresponding to a sender address
must be available).

How you turn on the 'originating' flag is up to you. An implicit
way is through a client's IP address matching @mynetworks,
an explicit way is through a policy bank. How you trigger loading
of a suitable policy bank depends on the mail flow topology / on the MTA
configuration. Typically a policy bank is attached to a TCP port number,
but it can also be loaded by a custom hook for more tricky needs.

> but amavis doesn't do authentication if I send mail from
> m...@onedomain.de to m...@otherdomain.de, probably because both are on
> the same machine.

Depends on how you have an MTA set up. Are you sure mail is passing
through amavisd at all when sending from a host itself to a local user?
How is your content_filter Postfix setting applied: globally, or
per postfix service, or by a FILTER option in a Postfix access table?

> If I send myself a mail from Google Mail to m...@onedomain.de, amavis
> does authenticate it and appends the "Authentication-Results" header with
> the passed authentication info.

Now you are talking about DKIM verification. Amavisd either signs or
verifies a signature, but not both for the same mail passage.

> I would like to make amavis do that for mails from one local domain
> to another also, is this possible?

Possible. The key issues for signing by amavisd are to have the 'originating'
flag on, and a signing key matching the From address available.

See
  http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-postfix-dual-path
for some ideas.

If all your users are within your networks, then the setup is easy: the
correct setting of @mynetworks suffices to get the 'originating' flag set.

Otherwise, if some of your users are outside and are using some sort of
SMTP authentication to submit mail, you need to configure Postfix to
pass originating mail to amavisd on a separate port, to distinguish it
from incoming mail. Attaching different content_filter Postfix options
to different Postfix smtpd services (or using a separate MTA instance
dedicated to mail submission) is the cleanest solution. A more messy
solution is to fiddle with the FILTER option in Postfix access tables,
like using some access table in smtpd_sender_restrictions.

If you are not sure why some signing does not take place, turn up
amavisd logging to level 2 or more, and search the log for " dkim: ".

  Mark
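
The separate-port setup described in the reply above, sketched as an amavisd.conf fragment. This is an added example, not part of Mark's message or of the amavisd documentation; port 10026, the ORIGINATING bank name, the example.com domain, selector, key path, network range and the `amavisfeed` transport name are assumptions.

```perl
# amavisd.conf fragment (added example; all values below are assumed placeholders)

$enable_dkim_verification = 1;   # verify signatures on incoming mail
$enable_dkim_signing      = 1;   # sign mail that carries the 'originating' flag

# Two listening ports: 10024 for incoming mail, 10026 for originating mail.
$inet_socket_port = [10024, 10026];

# Explicit way: mail handed over on port 10026 loads the ORIGINATING bank.
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {
  originating => 1,              # precondition for DKIM signing
};

# Implicit way: clients in these networks get 'originating' on any port.
@mynetworks = qw( 127.0.0.0/8 [::1] 192.0.2.0/24 );

# A signing key must match the From address: dkim_key(domain, selector, key file).
dkim_key('example.com', 'sel1', '/var/lib/amavis/dkim/example.com.sel1.pem');

# Postfix side, shown as comments (same assumptions):
#
# main.cf, default path for mail arriving on port 25 (verified, not signed):
#   content_filter = amavisfeed:[127.0.0.1]:10024
#
# master.cf, authenticated submission service (signed, not verified):
#   submission inet n - n - - smtpd
#     -o smtpd_sasl_auth_enable=yes
#     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#     -o content_filter=amavisfeed:[127.0.0.1]:10026

1;  # amavisd.conf must end with a true value
```

Attach the 'originating' bank only to a port that receives authenticated or internal mail: on a port that also carries mail from outside, any message whose From address matches a signing key would qualify for signing.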



_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 