Thomas R.:
> Hello,
>
> OpenDKIM bases its decision whether mail can be signed on, among other
> things, the connecting IP. However this only works if there has been no
> SMTP relay or proxy prior to the mail reaching the milter. If there has
> been, OpenDKIM sees the IP address of the relay/proxy and treats it as
> "trusted". This leads to it signing some incoming mail (if the From:
> has been forged to use my domain name).
>
> My setup for incoming smtpd mail currently has proxsmtp acting as an
> SMTP proxy - this scans mail using bogofilter.
>
> Setup:
>
> Incoming mail -> postfix (25) -> proxsmtp (10025) -> postfix
> (10026) + opendkim milter -> cleanup, queue, etc.
>
> XFORWARD is verified to be working through proxsmtp - this is confirmed
Use XCLIENT!
XFORWARD is for LOGGING.
XCLIENT is for IMPERSONATION.
Wietse
