Greetings, Wietse Venema! > Andrey Repin: >> Greetings, All! >> >> I just discovered that mail generated locally (i.e. introduced by pickup >> daemon) is not signed. >> >> Digging in documentation, I've found >> http://www.postfix.org/postconf.5.html#non_smtpd_milters
> That's what I use for signing this local submission. I understand that it's usable (it doesn't take much time to flip the switch and run sendmail to test, postconf is a wonderful tool!), but a note on its scope made me nervous. Though, if not using QMQP daemon, it seems harmless enough to use. >> And then there's rather old post on SO >> https://serverfault.com/a/547778/208335 >> which says that even if it's enabled, the reports generated by postfix itself >> will still not be signed. > I use 'internal_mail_filter_classes = bounce' for that. > Maybe that should have finer granularity: it may be OK to inspect > bounces with Milters, but it may not be OK with header/body_checks. Yes, I see how this can be a problem. Is there a way around it? How are the bounces/notifications introduced to the queue? May be some parameter there could enable just the necessary processing? Or may be the queue itself could run the signer somehow? -- With best regards, Andrey Repin Monday, February 18, 2019 21:00:01 Sorry for my terrible english...
