On 24.10.23 14:35, Nick Edwards via Postfix-users wrote:
I need a refresher hand with DKIM, we have in main.cf
smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8892
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
spfpolicy_time_limit = 3600
milter_protocol = 6
DKIM is 8891, DMARC is 8892 we had questions that it is not signing those
who use smtps or submission
dmarc does no signing, DKIM does, but the milter must decide to sign.
look at your dkim config, with opendkim perhaps the "LogWhy" option.
master.cf says
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=$submission_client_restrictions
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o receive_override_options=no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_data_restrictions=
-o smtpd_client_connection_rate_limit=1000
-o content_filter=
submission is identical - almost, we don't include
smtpd_milters = inet:127.0.0.1:8891 in smtps and submission,
is this needed? I was thinking non_smtpd_foo basically means it is
included, but then you wouldn't do dmarc checking there so I got to
thinking again, maybe not..
If you don't override smtpd_milters in master.cf for smtps/submission
services, the default settings (from main.cf) will apply.
Note that you don't need dmarc for outgoing mail, just DKIM signing.
Just asking the collective guru's here before I change/break anything given
my lengthy time away for running pf boxes :)
maybe an above option is cancelling out something?
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
