On 09/17/2011 10:34 PM, Patrick Ben Koetter wrote:
* alex<m...@deltaindigo.ro>:
Hi
I have a problem with messages signed by my server. All messages
send from any email client(tb, webmail) , fail verification with :
dkim=softfail (fail, message has been altered)
except messages send from command line (telnet, sendmail).
Software use is: centos 6 (x86_64), postfix 2.8.0/2.8.5,
dkim-milter-2.8.3-8.el6.x86_64, no content filtering.
I can't find anything in my config that could modify the body of the
message after is signed.
Any suggestions?
Show 'postconf -n' and the mail processing chain. We need to know all
components that might alter an outgoing message.
p@rick
Hi
this is my postconf -n
alias_maps = proxy:mysql:/etc/postfix/maps/alias_maps.cf
anvil_rate_time_unit = 60s
biff = no
body_checks = pcre:/etc/postfix/maps/deferred_checks.pcre
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/local/postfix/sbin
config_directory = /etc/postfix
daemon_directory = /usr/local/postfix/libexec
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0d
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/maps/anonymization_sender.pcre
home_mailbox = Maildir/
html_directory = no
inet_interfaces = xx.xx.xx.xx 127.0.0.1
local_destination_concurrency_limit = 10
local_recipient_maps = $alias_maps $virtual_mailbox_maps
proxy:unix:passwd.byname
mail_owner = postfix
mailbox_command = /usr/local/libexec/dovecot/deliver
mailq_path = /usr/local/postfix/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 3d
message_size_limit = 34048000
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname
mydomain = domain.tld
myhostname = xxxx.domain.tld
mynetworks = 127.0.0.0/8, xx.xx.xx.xx
myorigin = $myhostname
newaliases_path = /usr/local/postfix/bin/newaliases
non_smtpd_milters = inet:localhost:4443
proxy_read_maps = $local_recipient_maps $alias_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $smtpd_sender_login_maps
$smtpd_client_restrictions $recipient_bcc_maps $sender_bcc_maps
proxy:mysql:/etc/postfix/maps/check_client_access.cf
proxy:mysql:/etc/postfix/maps/check_sender_access.cf
proxy:mysql:/etc/postfix/maps/check_sender_policyd.cf
proxy:mysql:/etc/postfix/maps/check_sender_domain.cf
proxy:mysql:/etc/postfix/maps/recipient_bcc.cf
proxy:hash:${config_directory}/maps/permit_somespam_to
proxy:hash:${config_directory}/maps/permit_allspam_to
proxy:hash:${config_directory}/maps/internet_access_to
queue_directory = /var/spool/postfix
readme_directory = no
recipient_bcc_maps = proxy:mysql:/etc/postfix/maps/recipient_bcc_maps.cf
relay_domains = proxy:mysql:/etc/postfix/maps/relay_domains.cf
relocated_maps = proxy:mysql:/etc/postfix/maps/relocated_maps.cf
sample_directory = /etc/postfix
sender_bcc_maps = proxy:mysql:/etc/postfix/maps/sender_bcc_maps.cf
sender_dependent_relayhost_maps = hash:/etc/postfix/maps/relayhost_map
sendmail_path = /usr/local/postfix/sbin/sendmail
setgid_group = postdrop
smtp_helo_name = xxxx.domain.tld
smtp_tls_note_starttls_offer = yes
smtp_use_tls = no
smtpd_client_connection_count_limit = 360
smtpd_client_connection_rate_limit = 360
smtpd_client_message_rate_limit = 360
smtpd_client_recipient_rate_limit = 360
smtpd_client_restrictions = check_client_access
proxy:mysql:/etc/postfix/maps/check_client_access.cf
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_milters = inet:localhost:4443
smtpd_recipient_restrictions = check_permit_allspam,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain, check_sender_access
hash:/etc/postfix/maps/check_bounce_sender,
check_recipient_access hash:/etc/postfix/maps/recipient_access,
permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_helo_hostname, reject_unauth_destination,
check_permit_somespam, check_policy_service inet:127.0.0.1:10123,
permit_auth_destination, permit_mx_backup, permit
smtpd_restriction_classes = check_bounce_recipient,
check_permit_allspam, check_permit_somespam,
check_internet_access
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps =
proxy:mysql:/etc/postfix/maps/smtpd_sender_login_maps.cf
smtpd_sender_restrictions = reject_non_fqdn_sender,
check_sender_access
proxy:mysql:/etc/postfix/maps/check_sender_access.cf,
check_sender_access
proxy:mysql:/etc/postfix/maps/check_sender_domain.cf,
reject_unauth_destination
smtpd_starttls_timeout = 180s
smtpd_timeout = 150s
smtpd_tls_CAfile = ${config_directory}/ssl/domain.tld.cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = ${config_directory}/ssl/domain.tld.cert.pem
smtpd_tls_key_file = ${config_directory}/ssl/domain.tld.key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:${data_directory}/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 7200s
strict_rfc821_envelopes = yes
syslog_name = postfix_87
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 2700s
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/maps/transport_maps.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
proxy:mysql:/etc/postfix/maps/virtual_email2email.cf
proxy:mysql:/etc/postfix/maps/virtual_alias_maps.cf
virtual_destination_recipient_limit = 100
virtual_gid_maps = static:1002
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/maps/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/maps/virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:1002
