On 5/24/22 03:36, Matus UHLAR - fantomas wrote:
On 23.05.22 19:31, James Feeney wrote:
My understanding has been that a milter can also *modify* a mail message, including both
the message body and the message headers. And then, what version of a mail message will
a subsequent milter "see" after a preceding milter has acted upon the mail
message?
subsequent milters will see message as modified with previous milter.
Thanks very much for that!
That simple but important point seems to be missing from the Postfix "Milter
Readme".
What I'm wondering is, is it possible - or even reasonable - to have OpenDKIM "sign"
outgoing messages, and have Rspand "verify" incoming messages? Or, that's not going to
work?
since milters run when message is received, every message processed by milter
is by definition incoming.
Ah! Ok - so Postfix - the Milter Protocol - does not directly provide any information about
"outgoing". Hmm - I suppose that, still, a milter could always compare the RCPT TO with
its own idea of the "local" domain...
note that when you submit message to postfix, it's "incoming".
That's very useful! Still, Postfix itself distinguishes "sender", "relay", and "recipient", and
has its own notion of "mynetworks" and "mydomain".
Apparently, then, those distinctions, by Postfix, are not incorporated directly
into the Milter Protocol.
opendkim has ways to decide when the message is to be signed, check its docs.
Ok - I see, man 5 opendkim.conf has:
Domain (dataset)
A set of domains whose mail should be signed by this filter. *Mail
from other domains will be verified rather than being signed.* [Emphasis added]
So, this "incoming/outgoing" distinction is all up to the milter itself - in a sense,
"redundantly", with respect to Postfix - and nothing to do with Postfix directly. And
then, each milter in a sequence will be separately required to establish its own references.
Again, another simple but important point that should be incorporated into the Postfix
"Milter Readme". The barest outlines of the Milter Protocol are missing there.
James
