Update: signing by DKIM proxy must be the last rule to prevent looping. Below is the updated, correct rule order.

listen on lo0 port 1030 tag DKIM_OUT
action "dkim-sign" relay host smtp://127.0.0.1:1030
match tag DKIM_OUT for any action "outbound"
match from local for any action "dkim-sign"

Martin

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, March 10, 2020 6:13 PM, Martin <[email protected]> wrote:

> Finally fixed smtpd looping behavior.
>
> /etc/dkimproxy_out.conf points to message signing keys which have
> insufficient permissions to read.
>
> Affected rules:
>
> listen on lo0 port 1030 tag DKIM_OUT
> action "dkim-sign" relay host smtp://127.0.0.1:1030
> ^^^^^^^^
> match from local for any action "dkim-sign"
> ^^^^^^^^
> match tag DKIM_OUT for any action "outbound"
>
> Martin
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, March 10, 2020 1:46 PM, Reio Remma <[email protected]> wrote:
>
>> Try running 'smtpd -d -T rules' and see what rule you're hitting.
>>
>> Or alternatively 'smtpctl trace rules' and look at maillog and later turn it
>> off with 'smtpctl untrace rules'.
>>
>> match auth most likely doesn't work at all if you submit to port 25 without
>> authentication.
>>
>> Good luck,
>> Reio
>>
>> On 10/03/2020 15:35, Martin wrote:
>>
>>> table reject-subnet
>>> file:/etc/mail/reject-subnet
>>> (contains 192.168.2.0/24)
>>> table reject-domain
>>> file:/etc/mail/reject-domain
>>> (contains nothing)
>>> table reject-domain
>>> file:/etc/mail/reject-domain-helo
>>> (contains nothing)
>>>
>>> action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias <aliases>
>>> action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to alias <virtuals>
>>> action "spampd-in" relay host
>>> smtp://127.0.0.1:10025
>>> action "dkim-sign" relay host
>>> smtp://127.0.0.1:1027
>>> action "outbound" relay src <sources> helo-src <helonames>
>>>
>>> match from src <reject-subnet> for any reject
>>> match from any mail-from <reject-domain> for any reject
>>> match from any helo <reject-domain-helo> for any reject
>>>
>>> match from local for local action "local-aliases"
>>> match tag SPAM_IN fro local action "local-aliases"
>>> match from any for domain <domains> action "virtual-users"
>>> match tag SPAM_IN from any for domain <domains> action "virtual-users"
>>>
>>> match tag DKIM_OUT for any action "outbound"
>>> match auth from any for any action "outbound"
>>>
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> On Tuesday, March 10, 2020 1:22 PM, Reio Remma <[email protected]> wrote:
>>>
>>>> On 10/03/2020 15:18, Martin wrote:
>>>>
>>>>> Hello list,
>>>>> Undefined problem with mail infinite looping if I send messages from mail
>>>>> server's localhost to any domains outside.
>>>>> If I send mail from mail server itself (from localhost) to aliased
>>>>> addresses and virtuals on the same mail server's domain, all the
>>>>> messages are delivered fine even when sent from localhost.
>>>>> In two sentences:
>>>>> Sending from localhost to 'remote' addresses > infinite loop
>>>>> Sending from localhost to 'local' aliases and virtual users > all
>>>>> works fine
>>>>> In both ways I'm using Mutt locally on mail server. Mutt connects to
>>>>> 127.0.0.1:25 in clear without any auth.
>>>>> $ cat /etc/smtpd.conf
>>>>> ...
>>>>> table aliases db:/etc/mail/aliases.db
>>>>> table virtuals db:/etc/mail/virtuals.db
>>>>> listen on lo0 tls pki smtp.domain.tld mask-src no-dsn hostname
>>>>> <heloname> tag SMTP
>>>>> action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias <aliases>
>>>>> action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals>
>>>>> action "outbound" relay src <sources> helo-src <helonames>
>>>>> match auth from any for any action "outbound"
>>>>
>>>> What are your other match rules (in correct order)?
>>>>
>>>> Reio
>>
>> --
>> Regards,
>> Reio Remma
>>
>> MR Stuudio OÜ
>> Tondi 17b, 11316, Tallinn
>> Tel +372 650 4808
>> Mob +372 56 22 00 33
>> [email protected]
>> www.mrstuudio.ee
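
Added example (not part of the original thread): a small Python model of smtpd's first-match rule evaluation, showing why the rule order in the March 10 message loops and the order in the update does not. The envelope model, the hop limit and the function names are assumptions made for illustration.

```python
# Simplified model (assumption): an envelope is described by whether its
# source is local and by the tag of the listener it arrived on. smtpd takes
# the action of the first match rule that fits the envelope.

# Order from the March 10 message: signing rule before the tag rule.
LOOPING = [
    ("from local", "dkim-sign"),
    ("tag DKIM_OUT", "outbound"),
]
# Order from the update: tag rule first, signing rule last.
FIXED = [
    ("tag DKIM_OUT", "outbound"),
    ("from local", "dkim-sign"),
]

def matches(cond, env):
    """Evaluate one simplified match condition against an envelope."""
    if cond == "from local":
        return env["local"]
    if cond.startswith("tag "):
        return env["tag"] == cond[4:]
    raise ValueError("unsupported condition: " + cond)

def first_action(rules, env):
    """Return the action of the first matching rule, or None if none match."""
    for cond, action in rules:
        if matches(cond, env):
            return action
    return None

def route(rules, max_hops=5):
    """Follow a message submitted locally without a tag; return its hops."""
    env = {"local": True, "tag": None}
    hops = []
    for _ in range(max_hops):
        action = first_action(rules, env)
        hops.append(action)
        if action != "dkim-sign":
            return hops
        # The signed message re-enters smtpd through the lo0 listener tagged
        # DKIM_OUT: it is still a local source, and now carries the tag.
        env = {"local": True, "tag": "DKIM_OUT"}
    hops.append("LOOP")  # hop limit reached: the message never left
    return hops

if __name__ == "__main__":
    print("signing rule first:", route(LOOPING))
    print("signing rule last: ", route(FIXED))
```

Because the re-injected message is both local and tagged, only the rule order decides whether it is signed again or handed to "outbound".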
