I'm setting up a server to handle outbound mail for SASL auth accounts and
would like to scan that mail for spam and malware before DKIM signing
because I assume scanning might potentially add headers that could break
the sig.

Right now I have the following (extract) in my Amavis conf:

$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  notify_method => 'smtp:[127.0.0.1]:10025',
};

With master.cf as:

submission      inet  n       -       n        -      -       smtpd
... configs...
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

smtp-amavis        unix    -    -    n    -    2    smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20

# For sending notifications about actions
127.0.0.1:10025    inet    n    -    n    -    -    smtpd
      -o syslog_name=notify
      ....configs...

# For OpenDKIM signing
127.0.0.1:10027    inet    n    -    n    -    -    smtpd
      ... configs...
      -o smtpd_milters=inet:127.0.0.1:8891

So I assume DKIM should come last. But the logs imply the spam/virus check
is done after?

postfix/cleanup[1685]: BB20880330: message-id=<20240705073351.001500@fre.localdomain>
opendkim[700]: BB20880330: DKIM-Signature field added (s=dkim20200516, d=bakerbates.com)
postfix/qmgr[1558]: BB20880330: from=<u...@domain.com>, size=945, nrcpt=1 (queue active)
amavis[1563]: (01563-01) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.0.241]:51084 [etc.]
postfix/smtp[1686]: 76C0C80266: to=<gilgongo@localdomain>, relay=127.0.0.1[127.0.0.1]:10026, [etc.]
postfix/qmgr[1558]: 76C0C80266: removed

Unfortunately, I can't tell whether the DKIM sig is OK or not in my test
setup, but I'd like to ensure it's the last thing to happen before sending.
How can I do that?

Jonathan
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
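
One way to check the ordering from the logs, as an added example that is not part of the original post: with an after-queue filter, a message signed after scanning gets its DKIM-Signature on a queue ID that is never relayed to the Amavis port, so the script flags any queue ID that is both signed and sent to port 10026. The sample lines are constructed from the excerpt above (wrapped lines joined, "[etc.]" tails dropped, sender address a placeholder); the function names and the second, misordered sample are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed from the excerpt in the post: wrapped lines joined, "[etc.]"
# tails dropped, sender address replaced by a placeholder.
SAMPLE_LOG = """\
postfix/cleanup[1685]: BB20880330: message-id=<20240705073351.001500@fre.localdomain>
opendkim[700]: BB20880330: DKIM-Signature field added (s=dkim20200516, d=bakerbates.com)
postfix/qmgr[1558]: BB20880330: from=<sender@example.com>, size=945, nrcpt=1 (queue active)
amavis[1563]: (01563-01) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.0.241]:51084
postfix/smtp[1686]: 76C0C80266: to=<gilgongo@localdomain>, relay=127.0.0.1[127.0.0.1]:10026
postfix/qmgr[1558]: 76C0C80266: removed
"""

# Constructed counter-example: the milter signs the same queue ID that is
# later handed to the content filter, i.e. signing happens before scanning.
MISORDERED_LOG = """\
opendkim[700]: 76C0C80266: DKIM-Signature field added (s=dkim20200516, d=bakerbates.com)
postfix/smtp[1686]: 76C0C80266: to=<gilgongo@localdomain>, relay=127.0.0.1[127.0.0.1]:10026
"""

QID = r"(?P<qid>[0-9A-Za-z]{6,})"
SIGNED = re.compile(r"opendkim\[\d+\]: " + QID + r": DKIM-Signature field added")
RELAYED = re.compile(r"postfix/smtp\[\d+\]: " + QID + r": .*relay=\S+:(?P<port>\d+)")


def classify(log_text, filter_port=10026):
    """Map each queue ID to the events seen for it: 'signed', 'sent_to_filter'."""
    events = defaultdict(set)
    for line in log_text.splitlines():
        if m := SIGNED.search(line):
            events[m["qid"]].add("signed")
        elif (m := RELAYED.search(line)) and int(m["port"]) == filter_port:
            events[m["qid"]].add("sent_to_filter")
    return dict(events)


def signed_before_filter(log_text, filter_port=10026):
    """Queue IDs that were DKIM-signed and also handed to the content filter."""
    found = classify(log_text, filter_port)
    return sorted(q for q, ev in found.items() if ev == {"signed", "sent_to_filter"})


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_LOG), ("misordered", MISORDERED_LOG)):
        bad = signed_before_filter(text)
        print(name, "-> signed before scanning:", bad or "none")
```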