On 11/8/2011 10:35 PM, Simon Brereton wrote: > On 8 November 2011 15:30, Wietse Venema <wie...@porcupine.org> > wrote: >> Simon Brereton: >>> On 4 November 2011 15:49, Simon Brereton >>> <simon.brere...@buongiorno.com> wrote: >>>> Hi >>>> >>>> Amavis checks both incoming and outgoing mail. ?DKIMPROXY >>>> signs outgoing mail (sadly, before Amavis, so amavis >>>> verifies the signature - but I'm okay with that for now) >>>> on the submission port. >>>> >>>> Mail that is injected (i.e. from CRON, applications, >>>> etc), still passes through amavis (obviously) but doesn't >>>> get signed. ?I would like to sign those mails as well. >>>> >>>> As I was writing this, it occurred to me that the way to >>>> do that is to add the content filter in master.cf >>>> >>>> ? -o content_filter=dksign:[127.0.0.1]:10028 >>>> >>>> I think I need to add that to the pickup line - is that >>>> correct? ?If not, where do I add it so that mails that >>>> are injected are added? >>> >>> Well in the absence of any one telling me not to be stupid, >>> I went ahead and tried that. It wasn't a miserable >>> failure, but it didn't do anything. >> >> First, you can add -o content_filter to the pickup daemon >> only if your content filter is based on SMTP otherwise you >> get an infinite loop. >> >> Second, you need to add the same -o content_filter >> information as with the smtpd line. There is nothing magical >> about filters, except perhaps that DKIMPROXY expects to see >> message headers that the pickup daemon cannot provide. >> >> Wietse >> >>> If anyone has any pointers on how to do this (or if you'd >>> like to tell me it's not possible and why) that would be >>> great. > > > I don't think this is your fault - but that went completely > over my level of smtp understanding. > > Putting the content filter in the pickup (exactly as it is in > in the smtpd) doesn't appear to do anything. But then I expect > that's related to your comment about the content-filter being > based on smtp.. I don't get an infinite loop. I don't get > anything. > > I think I'll have to wait until I start running separate > amavis/postfix processes to figure this out. > > Simon
I think you should spend 15 minutes to get amavisd-new to do your DKIM signing and drop dkimproxy. Better performance, simpler setup, one less critical component in the mail path. See the amavisd-new release notes and docs for further info. -- Noel Jones