I'm setting up a server to handle outbound mail for sasl auth accounts and would like to scan that mail for spam and malware before DKIM signing because I assume scanning might potentially add headers that could break the sig.
Right now I have the following (extract) in my Amavis conf: $interface_policy{'10026'} = 'ORIGINATING'; $policy_bank{'ORIGINATING'} # forward to a smtpd service providing DKIM signing service forward_method => 'smtp:[127.0.0.1]:10027', notify_method => 'smtp:[127.0.0.1]:10025', With master.cf as: submission inet n - n - - smtpd ... configs... -o content_filter=smtp-amavis:[127.0.0.1]:10026 smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 # For sending notifications about actions 127.0.0.1:10025 inet n - n - - smtpd -o syslog_name=notify ....configs... # For OpenDKIM signing 127.0.0.1:10027 inet n - n - - smtpd ... configs... -o smtpd_milters=inet:127.0.0.1:8891 So I assume DKIM should come last. But the logs imply the spam/virus check is done after? postfix/cleanup[1685]: BB20880330: message-id=<20240705073351.001500@fre.localdomain> opendkim[700]: BB20880330: DKIM-Signature field added (s=dkim20200516, d= bakerbates.com) postfix/qmgr[1558]: BB20880330: from=<u...@domain.com>, size=945, nrcpt=1 (queue active) amavis[1563]: (01563-01) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.0.241]:51084 [etc.] postfix/smtp[1686]: 76C0C80266: to=<gilgongo@localdomain>, relay=127.0.0.1[127.0.0.1]:10026, [etc.] postfix/qmgr[1558]: 76C0C80266: removed Unfortunately, I can't tell whether the DKIM sig is OK or not in my test setup, but I'd like to ensure it's the last thing to happen before sending. How can I do that? Jonathan
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org