On 01/08/2018 at 14:17, ѽ҉ᶬḳ℠ wrote:
>>> Having sorted PAM SMTPAUTH the user/client 172.25.120.2 is now treated
>>> as server's local user and filter rules using from local are matched.
>>> Thence, amended
>>>
>>> [ accept from source 172.25.120.2 for any relay via
>>> smtp://127.0.0.1:10027 ] to [ accept from source 172.25.120.2 for any
>>> relay ] and DKIM is working now for that client as well.
>>>
>>> Appreciate the feedback/assistance provided here.
>> The matching rule for you should now be:
>>
>> accept (from local) for any relay via smtp://127.0.0.1:10027
>>
>> This rule matching would again bypass DKIM and is redundant:
>>
>> accept from source 172.25.120.2 for any relay
>>
> The way is set and working now:
>
> listen on lo inet4 port 25 tls-require hostname mail mask-source tag lo

`tls-require` on `lo` is a bit strange… `mask-source` too.

> listen on lo inet4 port 587 smtps hostname mail mask-source tag lo
> listen on eth0 inet4 port 25 tls-require auth hostname mail mask-source tag lan

Do you intend to receive mail from other mail servers? Because using `auth` here will prevent that. `tls-require` likely too in my experience (unfortunately a lot of mail providers still don’t use TLS at all). Also I’m not sure `mask-source` is relevant here, but I might be wrong.

> listen on eth0 inet4 port 587 smtps auth hostname mail mask-source tag lan
> listen on lo port 10028 mask-source tag DKIM
>
> accept tagged DKIM for any relay
> accept for any relay via smtp://127.0.0.1:10027
> accept from local for any relay
> accept from source 172.25.120.2 for any relay

Those last two lines are useless: everything that would match them will already have matched one of the first two.

Regards,
Bruno
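The point about the last two rules being redundant, as an added example that is not part of the original message: a simplified Python model of first-match rule evaluation over the four quoted rules. It assumes that a rule without `from` means `from local` and that authenticated sessions count as local (as described in the thread); the `Rule` and `Session` names and the sample sessions are constructed for illustration.

```python
# Added example: simplified model of ordered, first-match rule evaluation.
# Assumptions: no "from" clause means "from local"; an authenticated
# session counts as local (as described in the thread).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    text: str
    tag: Optional[str] = None   # "tagged X" condition; None = no tag condition
    source: str = "local"       # "local" or one literal source address

@dataclass(frozen=True)
class Session:
    name: str
    ip: str
    tag: str                    # tag set by the listener that accepted it
    authenticated: bool = False

    @property
    def local(self) -> bool:
        return self.ip == "127.0.0.1" or self.authenticated

def matches(rule: Rule, s: Session) -> bool:
    if rule.tag is not None and rule.tag != s.tag:
        return False
    return s.local if rule.source == "local" else s.ip == rule.source

def first_match(rules, s):
    """Return the first rule that matches the session, or None."""
    return next((r for r in rules if matches(r, s)), None)

def shadowed(rules, sessions):
    """Rules that are never the first match for any of the sessions."""
    hit = {first_match(rules, s) for s in sessions}
    return [r for r in rules if r not in hit]

# The four rules quoted in the thread, in their original order.
RULES = [
    Rule("accept tagged DKIM for any relay", tag="DKIM"),
    Rule("accept for any relay via smtp://127.0.0.1:10027"),
    Rule("accept from local for any relay"),
    Rule("accept from source 172.25.120.2 for any relay", source="172.25.120.2"),
]

# Constructed sessions, one per listener tag used in the quoted config.
SESSIONS = [
    Session("session on the port 10028 listener", "127.0.0.1", "DKIM"),
    Session("local submission", "127.0.0.1", "lo"),
    Session("authenticated LAN client", "172.25.120.2", "lan", authenticated=True),
]
```

Calling `shadowed(RULES, SESSIONS)` returns the third and fourth rules: in this model every session they could accept is already taken by the `relay via` rule above them.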