Solved it already. Did split up the OpenDKIM process into 2 instances, one running as verifier, placed before any content modification, and one running as signer, placed after any content modification. I also moved the SPF signature validator to the instance before content modification. That was not because SPF signatures have anything to do with content; rather, it was because the old SPF signature validator I had was a policy script checking against MAIL FROM. The new SPF signature validator checks against the "From:" MIME header, which raises security, but milters do not get access to the XFORWARD client IP, thus I had to move the milter to "the front" so it sees the real IP.

-----Original Message-----
From: Viktor Dukhovni
Sent: Monday, March 09, 2015 5:15 AM
To: postfix-users@postfix.org
Subject: Re: Reversing order when mail is local (not relayed)?

On Mon, Mar 09, 2015 at 12:43:14AM +0100, Sebastian Nielsen wrote:

How can this be accomplished?

Don't mix the relay and inbound services in the same Postfix. Set up one Postfix to receive inbound mail from outside. Set up another Postfix to handle outbound mail from inside.

For extra brownie points, arrange for bounces from either (bounces follow the reverse path) to be relayed to the other, by adding transport entries that shunt inbound mail from the outbound MTA to the inbound MTA and the converse.

This helps with DKIM signing and any other direction-dependent content processing.

http://www.postfix.org/MULTI_INSTANCE_README.html

(this also separates local submission on the MTA into a separate null-client instance, which is also a good idea if I do say so myself).

--Viktor.
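
A sketch of the two-instance OpenDKIM layout described in the first message, added here as an illustration and not taken from either poster's configuration. File paths, ports, domain, selector and key location are assumed placeholders, and the content filter is assumed to accept mail on 127.0.0.1:10024 and re-inject it on 127.0.0.1:10025.

```conf
# ---- /etc/opendkim/verify.conf (assumed path): verifier instance ----
# Verify only. This instance never holds a signing key.
Mode      v
Socket    inet:8891@127.0.0.1
PidFile   /run/opendkim/verify.pid

# ---- /etc/opendkim/sign.conf (assumed path): signer instance ----
# Sign only. Mail whose From: domain does not match Domain is left unsigned.
Mode      s
Socket    inet:8892@127.0.0.1
PidFile   /run/opendkim/sign.pid
# Placeholder domain, selector and key path:
Domain    example.org
Selector  mail
KeyFile   /etc/opendkim/keys/example.org/mail.private

# ---- Postfix master.cf ----
# Front listener: sees the real client IP and the unmodified message.
# The verifier milter (and any milter that needs the client IP) goes here,
# then the message is handed to the content filter.
smtp            inet  n  -  n  -  -  smtpd
  -o smtpd_milters=inet:127.0.0.1:8891
  -o content_filter=smtp:[127.0.0.1]:10024

# Re-injection listener: receives mail after content modification.
# Only the signer milter runs here, so the signature covers the final body.
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
  -o content_filter=
  -o smtpd_milters=inet:127.0.0.1:8892
  -o mynetworks=127.0.0.0/8
```

Keeping the private key readable only by the signer instance means a fault in the verifier, which parses untrusted inbound mail, does not expose signing material.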