Re: [Djigzo users] DKIM

Sun, 27 Mar 2016 07:10:56 -0700 

Hi,
my first approach with "opendkim" does not work as "opendkim" uses milter and Ciphermail is a content filter. Milters are applied before content filters and the s/Mime signature modifies the body of the mail with the signature. This invalidates the DKIM signature. Took ma a day to figure this out as I was not aware of the described processing order. Finally I found this out just by reading the (previously ignored) headlines of http://www.postfix.org/FILTER_README.html and www.postfix.org/MILTER_README.html :-) 


See https://wiki.mhcsoftware.de/postfix_dkim_support (sorry, German) for 
details.


cheers
Matthias



Am 24.03.2016 um 20:35 schrieb Matthias Henze:

Hi,

my mail server (Kerio) can apply DKIM signatures. Piping DKIM signed
mails through Ciphermail disrupts the validity of the DKIM signatures.
Postfix on the Ciphermail server has to apply the DKIM signature after
the mail was processd by Ciphermail. This could be achieved by following
these howtos:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy


http://unixwars.blogspot.de/2015/01/8bitmime-and-dkim-body-authentication.html


The second is required at my site because without it mails sent by
Thunderbird fail validation by remote servers. My master.cf now looks
like this:


smtp      inet  n       -       -       -       -       smtpd
             -o
message_size_limit=${djigzo_before_filter_message_size_limit}
             -o content_filter=smtp-downconvert:127.0.0.1:10026
pickup    fifo  n       -       -       60      1       pickup
...
...
...
# cleanup for reinject so we can set the hopcount_limit differently for
the reinjection port
cleanup_reinject unix  n       -       -       -       0       cleanup
             -o hopcount_limit=100

smtp-downconvert  unix    -       -       -       -       2       smtp
    -o smtp_discard_ehlo_keywords=8bitmime,silent-discard

127.0.0.1:10026 inet  n       -       n       -       10      smtpd
             -o content_filter=
...
...
...


Suggestion: Add a DKIM config option to Ciphermail :-)

cheers
Matthias





--

MHC SoftWare GmbH

Fichtera 17                  
96274 Itzgrund/Germany   


voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: i...@mhcsoftware.de

HR Coburg: B2242
Geschaeftsfuehrer: Matthias Henze



_______________________________________________
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users






















					Reply via email to