Postfix, Amavisd and DKIM

Mon, 10 May 2010 20:25:44 -0700 

Just reading from amavisd docs on the how set up
DKIM and I was wondering if this section of their documentation
is correct:

Configuring multiple mail paths in Postfix

Here is one way of configuring Postfix for providing two paths through a 
content filter. Locally submitted or authenticated mail will go to a content 
filter to its port 10026 and will be signed on its way out (either by amavisd 
or by a signing milter). All other mail (incoming) will be diverted to port 
10024 for normal content filtering, and will not be eligible for signing.

main.cf:

  # on re-queueing of a message smtpd_*_restrictions do not apply,
  # so we'd better provide a safe default for a content_filter,
  # even at an expense of later flipping the choice twice
  # (which adds a bit to log clutter, but never mind)
  #
  content_filter = amavisfeed:[127.0.0.1]:10024

  # each triggered FILTER deposits its argument into a
  # content_filter setting, the last deposited value applies
  #
  smtpd_sender_restrictions =
    check_sender_access regexp:/etc/postfix/tag_as_originating.re
    permit_mynetworks
    permit_sasl_authenticated
    permit_tls_clientcerts
    check_sender_access regexp:/etc/postfix/tag_as_foreign.re

  # Make sure to assign FILTER tags in restrictions which
  # are only invoked once per message, e.g. client or sender
  # restrictions, but NOT on smtpd_recipient_restrictions,
  # as a message may have multiple recipients, so multiple
  # passes through FILTER tag assignments can yield a
  # surprising (and incorrect) result.

/etc/postfix/tag_as_originating.re:

  /^/  FILTER amavisfeed:[127.0.0.1]:10026

/etc/postfix/tag_as_foreign.re:

  /^/  FILTER amavisfeed:[127.0.0.1]:10024

In master.cf set up two listening smtpd services for receiving filtered mail 
from amavisd (as per README.postfix), one on tcp port 10025 (for inbound mail) 
and the other on port 10027 (for originating mail). If a signing milter is in 
use it will be attached to a smtpd service on 10027 only. If no milters are in 
use and signing is done by amavisd, both smtpd services can have exactly the 
same settings, and in fact only one suffices, in which case redirecting 
$forward_method and $notify_method to 'smtp:[127.0.0.1]:10027' in later example 
can be disregarded.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Coming close to 15 years in business

Reply via email to