[pfx] Re: OpenDKIM is added twice

Tue, 24 Dec 2024 07:05:08 -0800 

Hi Matus,
As suggested by Wietse and you, I want to add the DKIM signature to amavis in conjunction with OpenDKIM, but I'm not yet where I need to be with the configuration. 


I manage to get a signature added, but there are problems with the 
socket. The following is configured in /etc/opendkim.conf:



# Socket for the MTA connection (required). If the MTA is inside a 
chroot jail,
# it must be ensured that the socket is accessible. In Debian, Postfix 
runs in

# a chroot in /var/spool/postfix, therefore a Unix socket would have to be
# configured as shown on the last line below.
#Socket                 local:/run/opendkim/opendkim.sock
#Socket                 inet:8891@localhost
#Socket                 inet:8891
#Socket local:/var/spool/postfix/opendkim/opendkim.sock
Socket                  inet:8892@localhost

And in the /etc/postfix/main.cf file:

# Milter configuration
milter_default_action = accept
milter_protocol = 6

smtpd_milters = local:opendkim/opendkim.sock, 
local:opendmarc/opendmarc.sock, inet:127.0.0.1:8892
non_smtpd_milters = local:opendkim/opendkim.sock, 
local:opendmarc/opendmarc.sock, inet:127.0.0.1:8892


But I get error messages like this one in the mail.log:


Am 24.12.2024 um 15:44 schrieb Matus UHLAR - fantomas via Postfix-users:

On 24.12.24 09:08, Andreas Kuhlen via Postfix-users wrote:

I have to correct myself. If I only add the no_milters here, a DKIM 
signature is added and the header check also works, it looks like, 
but for the body is reported:


127.0.0.1:10025   inet   n    -     n     -     -    smtpd
    -o syslog_name=postfix/10025
[ ... ]

    -o 
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings,*no_milters*


Authentication-Results: mx.google.com;

      [email protected] header.s=default 
header.b="SD5q/dfp";
      *dkim=neutral (body hash did not verify) 
[email protected] header.s=default header.b=kyrK6Z3o;*


Perhaps I should test whether I let amavis handle the DKIM?


Yeah, this should help.
On systems with both amavis and opendkim I use amavis to dkim-sign.



_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]






















					Reply via email to