postfix-users May 2014 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: RE: Getting DKIM to work with Mailman and Postfix

RE: Getting DKIM to work with Mailman and Postfix

From: James B. Byrne <byrnejb_at_nospam>
Date: Mon May 05 2014 - 18:45:52 GMT
To: "Postfix users" <postfix-users@postfix.org>

On Mon, May 5, 2014 14:29, Marius Gologan wrote:
> I've noticed you are using amavisd-new. It can easily sign your messages.
>
> I'm showing what I use:
>
> cat /etc/amavis/conf.d/22-dkim
> use strict;
>
> $enable_dkim_signing = 1;
>
> dkim_key('domain1.com', 'dkim', '/path/to/domain1.com-dkim.key.pem');
> @dkim_signature_options_bysender_maps = (
> { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
> @mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
> 192.168.0.0/16 ); # list your internal networks
>
> 1; # ensure a defined return
>
>
> Generate certificate:
> amavisd-new genrsa /path/to/domain1.com-dkim.key.pem 2048
>
>
> Show the formatted value for DNS TXT record:
> amavisd-new showkeys domain1.com
>
>
> Marius.

Forgive me if I do not understand what you are trying to convey. We already
have Postfix DKIM correctly signing emails originating in our domains and
passing through our outgoing smtp gateway. The problem is that mail that
comes to that host destined for a Mailman mailing list is not being signed
when it is forwarded out again. That is what I want to have fixed.

I am not sure of anything but at the moment my belief is that the Mailman
forwarded mail is not being processed by OpenDKIM because of this entry in
master.cf:

# Before-queue Amavis after-filter processing
# Receive amavis re-injection and do no other checks
#
127.0.0.1:10025
            inet n - n - - smtpd
    -o content_filter=
. . .
    -o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,
    -->> no_milters, <<-- no_address_mappings

Just a guess mind you. However, I am not yet desperate enough to play around
with this without some informed guidance on the matter.

-- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3