On 18.11.23 18:16, Danil Smirnov via Postfix-users wrote:
> I want to manipulate the headers (add and replace) of the outgoing mail
> before the message is signed by Opendkim. If using smtp_header_checks I see
> that the signature is broken - probably because Opendkim has signed the
> message earlier in the pipeline.

smtp_header_checks is run when mail is being delivered to remote systems, it's hard to do anything after this. Especially when opendkim runs when mail is being received, before anything else is done locally (I think everything except smtpd_proxy_filter).

Other milter(s) running before opendkim can do that, since the milter interface supports adding and removing headers.

> The signing is configured via the following code:
>
> postconf -e milter_protocol=2
> postconf -e milter_default_action=accept
> postconf -e smtpd_milters=inet:localhost:12301
> postconf -e non_smtpd_milters=inet:localhost:12301
>
> Is there a way to put my headers manipulation logic before the point when
> the message is being signed?

I have worked around this issue by using a separate postfix instance used for outgoing mail, running the opendkim milter. My main instance routes mail to this instance via an alternative port on localhost and the other instance signs the mail by calling opendkim.

I have briefly described the process here:
https://marc.info/?l=postfix-users&m=169860220412496&w=2

(I did srs as well, also implemented at the time mail was received)

There are other alternatives, e.g. using a combined filter like amavis that supports dkim signing and adding headers, perhaps combined with altermime.
I have no experience with this.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
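
Why the ordering discussed in this message matters, as an added example that is not part of the original mail: a simplified model of the DKIM header hash (RFC 6376 "relaxed" header canonicalization only, with no RSA signature and no body hash). The sample message, the `X-Gateway` header and all function names are constructed for illustration.

```python
import hashlib
import re

SIGNED = ["from", "to", "subject", "date"]   # assumed h= list of the signer

# Constructed sample message headers (top to bottom).
MESSAGE = [("From", "alice@example.org"), ("To", "bob@example.net"),
           ("Subject", "  Quarterly   report "), ("Date", "Sat, 18 Nov 2023 18:16:00 +0100")]

def relaxed(name, value):
    """RFC 6376 relaxed canonicalization of one header field."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)        # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()       # collapse whitespace
    return f"{name.lower().strip()}:{value}\r\n"

def header_hash(headers, signed=SIGNED):
    """Hash the fields named in h=, taking the last unused instance of each name."""
    remaining, digest = list(headers), hashlib.sha256()
    for wanted in signed:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                digest.update(relaxed(*remaining[i]).encode())
                del remaining[i]
                break
    return digest.hexdigest()

def replace_subject(headers):
    """Stand-in for a header rewrite that REPLACEs a signed header."""
    return [(n, "[external] " + v.strip()) if n.lower() == "subject" else (n, v)
            for n, v in headers]

def add_gateway_header(headers):
    """Stand-in for a rewrite that only adds a header outside the h= list."""
    return [("X-Gateway", "mx1.example.org")] + headers

def sign_then_replace():
    """Signer runs at receive time, rewrite runs at delivery time."""
    sig = header_hash(MESSAGE)
    return header_hash(replace_subject(MESSAGE)) == sig

def replace_then_sign():
    """Rewrite happens first, the signer sees the final headers."""
    final = replace_subject(MESSAGE)
    return header_hash(final) == header_hash(final)

def sign_then_add():
    """Adding a header that is not in h= leaves the signed set untouched."""
    sig = header_hash(MESSAGE)
    return header_hash(add_gateway_header(MESSAGE)) == sig

if __name__ == "__main__":
    print(sign_then_replace(), replace_then_sign(), sign_then_add())
```

In this model only the replacement made after signing fails the check, so the rewrite has to happen before the signing hop sees the message.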