On Wed, November 9, 2016 11:39 am, Walter Alejandro Iglesias wrote:
> On Wed, Nov 09, 2016 at 09:27:58AM -0500, trondd wrote:
>> On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote:
>> > Hi everyone,
>> >
>> > First of all, is dkimproxy a work in progress?
>> >
>> > If it's not, then the long one.  I've tried something similar to
>> > the example in smtpd.conf(5).  Outgoing messages don't get signed.
>> >
>> >
>> > # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy
>> >
>> > /etc/dkimproxy_out.conf
>> > -----------------------------------
>> > listen    127.0.0.1:10027
>> > relay     127.0.0.1:10028
>> > domain    mydomain.com
>> > signature dkim(c=relaxed)
>> > signature domainkeys(c=nofws)
>> > keyfile   /var/dkimproxy/default.private
>> > selector  default
>> >
>> >
>> > /etc/mail/smtpd.conf
>> > -----------------------------------
>> > egress_int="em0"
>> > server="server.mydomain.com"
>> > ca $server certificate "/etc/ssl/acme/chain.pem"
>> >
>> > table aliases file:/etc/mail/aliases
>> > table valiases file:/etc/mail/valiases
>> > table vdomains file:/etc/mail/vdomains
>> > table addresses file:/etc/mail/addresses
>> > table users file:/etc/mail/users
>> >
>> > pki $server certificate "/etc/ssl/acme/cert.pem"
>> > pki $server key "/etc/ssl/acme/private/privkey.pem"
>> >
>> > listen on lo0
>> > listen on lo0 port 10028 tag DKIM
>> > listen on $egress_int port 25 tls pki $server
>> > listen on $egress_int port 465 smtps pki $server auth senders <users>
>> > masquerade
>> >
>> > accept from any for domain <vdomains> virtual <valiases> deliver to mbox
>> > accept for local alias <aliases> deliver to mbox
>> > accept tagged DKIM for any relay
>> > accept from local sender <addresses> for any relay via
>> > smtp://127.0.0.1:10027
>> >
>> >
>> > Do I need to do something else?  (running current)
>> >
>> >
>> >    Walter
>> >
>>
>> Did you add the public key part to DNS for your domain?  What's going on
>> in maillog?
>
> I forgot to mention that, yes, I added the DNS record and checked its
> validity using this site:
>
> http://dkimcore.org/tools/keycheck.html
>
> That tells me it's ok.  Then I've been sending to this testing address:
>
> check-a...@verifier.port25.com
>
> where I'm told (in a reply to my own address) that the message isn't signed.
>
> /var/log/maillog just shows the message as correctly delivered:
>
> Nov  9 14:16:39 server smtpd[68603]: 44fc40aeb913cba0 mta event=delivery
> evpid=1da22dbaa5825b53 from=<.*@mydomain.com>
> to=<check-a...@verifier.port25.com> rcpt=<-> source="192.168.1.101"
> relay="??.??.??.??" (verifier.port25.com)" delay=2s result="Ok" stat="250
> 2.6.0 message received"
>
>
>> Are the mails being forwarded to dkimproxy_out and back into
>> smtpd as expected?
>>
>
> How can I check this?
>

It should also be in the maillog.  You should see smtpd accept the initial
connection and relay it to 127.0.0.1:10027.  Then it should accept a new
connection from 127.0.0.1 or localhost and relay that to the destination.

If you don't see that, you can use tcpdump to see if the proxy is ever
contacted.  You can also trace which rules smtpd matched on.  man smtpctl
and search for trace.

I run this at home, but can't access the machine from where I am.  I can
double check your configs later.

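An added example of the check described above (editor's example, not code from either poster or from OpenSMTPD/dkimproxy): it walks maillog "mta event=delivery" lines, groups them by sender/recipient, and tells apart a message that made the two hops (out to 127.0.0.1:10027, back in on port 10028, out to the real MX) from one that went straight out without ever touching dkimproxy, which is what the log quoted in the thread shows. All sample log lines are constructed; the relay="127.0.0.1:10027 (localhost)" layout for the proxy hop, the "smtp event=connected address=" session line and the names walter@mydomain.com, verifier.example, example.net and example.org are assumptions, not values from the thread.

```python
import re
from collections import defaultdict

# Constructed sample maillog (not the thread author's log). The lines loosely
# follow the smtpd(8) format quoted in the thread; ids, addresses, hostnames
# and the "host:port (name)" relay layout for the proxy hop are assumptions.
SAMPLE_MAILLOG = """\
Nov  9 14:16:37 server smtpd[68603]: 44fc40aeb913cba0 mta event=delivery evpid=1da22dbaa5825b53 from=<walter@mydomain.com> to=<check@verifier.example> rcpt=<-> source="192.168.1.101" relay="198.51.100.25 (verifier.example)" delay=2s result="Ok" stat="250 2.6.0 message received"
Nov  9 14:20:01 server smtpd[68603]: 7c0ffee0d15c0d3a mta event=delivery evpid=0a1b2c3d4e5f6071 from=<walter@mydomain.com> to=<friend@example.net> rcpt=<-> source="192.168.1.101" relay="127.0.0.1:10027 (localhost)" delay=0s result="Ok" stat="250 ok"
Nov  9 14:20:01 server smtpd[68603]: 8badf00d1badb002 smtp event=connected address=127.0.0.1 host=localhost
Nov  9 14:20:02 server smtpd[68603]: 9badf00d1badb003 mta event=delivery evpid=1b2c3d4e5f607182 from=<walter@mydomain.com> to=<friend@example.net> rcpt=<-> source="127.0.0.1" relay="203.0.113.7 (mx.example.net)" delay=1s result="Ok" stat="250 2.0.0 accepted"
Nov  9 14:25:10 server smtpd[68603]: a1b2c3d4e5f60718 mta event=delivery evpid=2c3d4e5f60718293 from=<walter@mydomain.com> to=<other@example.org> rcpt=<-> source="192.168.1.101" relay="127.0.0.1:10027 (localhost)" delay=0s result="Ok" stat="250 ok"
"""

# dkimproxy_out "listen" address from the config posted in the thread.
PROXY_RELAY = "127.0.0.1:10027"

# One outbound delivery attempt logged by the smtpd mta process.
DELIVERY_RE = re.compile(
    r'mta event=delivery .*?from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)>.*?'
    r'relay="(?P<relay>[^"]*)".*?result="(?P<result>[^"]*)"'
)

# A new inbound SMTP session; the field layout is an assumption.
CONNECT_RE = re.compile(r'smtp event=connected address=(?P<addr>\S+)')


def parse_deliveries(maillog):
    """Map (sender, recipient) -> list of (relay, result) hops, in log order."""
    hops = defaultdict(list)
    for line in maillog.splitlines():
        m = DELIVERY_RE.search(line)
        if m:
            hops[(m.group("from"), m.group("to"))].append(
                (m.group("relay"), m.group("result")))
    return hops


def classify(hops):
    """Decide which path a message took from its list of delivery hops."""
    via_proxy = [r for r, _ in hops if r.startswith(PROXY_RELAY)]
    external = [r for r, _ in hops if not r.startswith("127.0.0.1")]
    if via_proxy and external:
        # Out to dkimproxy, re-accepted on the port-10028 listener, then out.
        return "signed-path"
    if external:
        # Straight to the destination: the "relay via smtp://127.0.0.1:10027"
        # rule never matched this session, so nothing could sign it.
        return "bypassed-proxy"
    if via_proxy:
        # Handed to dkimproxy but smtpd never delivered it onward: look at
        # dkimproxy itself and at the "accept tagged DKIM" rule.
        return "stuck-at-proxy"
    return "no-delivery"


def audit(maillog):
    """Return {(sender, recipient): verdict} for every message in the log."""
    return {key: classify(h) for key, h in parse_deliveries(maillog).items()}


def loopback_sessions(maillog):
    """Count inbound sessions from 127.0.0.1, i.e. dkimproxy handing mail back."""
    return sum(1 for line in maillog.splitlines()
               if (m := CONNECT_RE.search(line)) and m.group("addr") == "127.0.0.1")


if __name__ == "__main__":
    for (sender, rcpt), verdict in audit(SAMPLE_MAILLOG).items():
        print(f"{sender} -> {rcpt}: {verdict}")
    print("sessions from 127.0.0.1:", loopback_sessions(SAMPLE_MAILLOG))
```

Run it against a real /var/log/maillog instead of SAMPLE_MAILLOG once you have confirmed what the relay field looks like for a loopback hop on your version. If every message comes out "bypassed-proxy", the proxy is never being contacted, which you can confirm independently with tcpdump on the loopback interface (tcpdump -ni lo0 port 10027) while sending a test message.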