On 27.10.2021 20:04, p...@mostlybsd.com wrote:
Hello!
I noticed my system messages fail DKIM due to "signature verification
failed" and also when I send from a local user to a local user.
In /etc/mail/aliases I have:
root: usern...@example.net
This is the command I use to fail DKIM:
$ mail root
This is the command I use to pass DKIM:
$ mail usern...@example.net
The only difference I can see in the received message headers is
different To:
Failed DKIM:
To: r...@hostname.example.com
Passed DKIM:
To: usern...@example.net
And when running with the dkimsign -z option, I can see in the z=:
Failed DKIM:
To:=20root
Passed DKIM:
To:=20usern...@example.net
I have the following rules in /etc/mail/smtpd.conf
(non-applicable configurations redacted for brevity):
table aliases file:/etc/mail/aliases
filter "dkimsign_local_rsa" proc-exec "filter-dkimsign -z \
-d hostname.example.com -s 10172021 \
-k /etc/mail/dkim/10172021.rsa.key" user _dkimsign group _dkimsign
listen on socket filter "dkimsign_local_rsa"
listen on lo0 filter "dkimsign_local_rsa"
action "local_mail" mbox alias <aliases>
match for local action "local_mail"
I'm sure I have some basic lack of understanding of smtpd.conf,
because it seems like the signature is being added before the alias is
expanded (if that is the correct term). In going through smtpd.conf(5), I
can't figure out how to correct this.
I may be wrong, but I believe the domain for hostname.example.com should
still be example.com
Good luck,
Reio
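
The comparison described in the question (the z= copies recorded by filter-dkimsign -z against the headers as delivered) can be scripted. This is an added example, not part of the original thread or of filter-dkimsign; the sample message, its addresses, selector and tag values are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample message; addresses, selector and tag values are made up.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=host.example.org;\n"
    "\ts=sel1; h=from:to:subject;\n"
    "\tz=From:=20alice@host.example.org|To:=20root|Subject:=20test;\n"
    "\tbh=CONSTRUCTED=; b=CONSTRUCTED=\n"
    "From: alice@host.example.org\n"
    "To: root@host.example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def dkim_qp_decode(text):
    """Decode dkim-quoted-printable (RFC 6376): ignore whitespace, expand =XX."""
    text = re.sub(r"\s+", "", text)
    return re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def parse_tags(sig_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def normalise(value):
    """Collapse whitespace runs so folding differences do not count as changes."""
    return None if value is None else " ".join(value.split())

def changed_headers(raw_message):
    """Return (name, value_when_signed, value_as_received) for each mismatch."""
    msg = message_from_string(raw_message)
    z_tag = parse_tags(msg.get("DKIM-Signature", "")).get("z", "")
    diffs = []
    for copy in filter(None, (c.strip() for c in z_tag.split("|"))):
        name, _, encoded = copy.partition(":")
        signed = normalise(dkim_qp_decode(encoded))
        received = normalise(msg.get(name.strip()))  # None if header is gone
        if signed != received:
            diffs.append((name.strip(), signed, received))
    return diffs

if __name__ == "__main__":
    for name, signed, received in changed_headers(SAMPLE):
        print(f"{name}: signed as {signed!r}, received as {received!r}")
```

Any header it lists was altered between signing and delivery, which is enough to invalidate a signature that covers that header.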