On 2021-05-16 02:21, J Doe wrote:
Hi Benny,
Thanks for your reply.
I haven't changed the OpenDKIM configuration script to have:
MTA=ORIGINATING and my mail flows still seem to work:
it depends :=)
1. Clients submitting e-mail via submission have their e-mail DKIM
signed.
if just opendkim know 127.0.0.1 as internal its works, some needs more
ips to be own, but with the mta macro, ooendkim trust postfix service is
originating without define any ips in opendkim
2. Mail from the world has SPF, DKIM and DMARC validated.
thats inbound, not outbound
mta= is only for outbound
check logs for opendkim on what it does or not does, with the mta trick
you wont dkim sign forged senders in port 25, even if envelope sender is
local
The Digital Ocean tutorial does not say that e-mail has to be
submitted only via submission, but all my clients submit it this way
with SASL AUTH. I do not have SASL AUTH on my port 25 e-mail.
good, i just hope this stops on my mx.junc.eu, sadly its not just DO
