Σχετ: DKIM and Amavis

Peter Tselios s91066 at yahoo.gr
Tue Mar 6 20:51:38 CET 2012 




________________________________
 Απο: Mark Martinec <Mark.Martinec+amavis at ijs.si>
Προς: amavis-users at amavis.org 
Στάλθηκε: 4:17 μ.μ. Τρίτη, 6 Μαρτίου 2012
Θεμα: Re: DKIM and Amavis
 
> Is it possible to handle DKIM via amavis?

Yes, since version 2.6.0, with some improvements in later versions.

> If so, is it possible to sign only SASL authenticated outgoing messages? 
> My setup is postfix + Amavis +opendkim.

Signing can be enabled/disabled by a policy bank, so the idea is to let
an MTA route messages which should be signed to a dedicated content
filtering port, where the policy bank can adjust the settings accordingly.

With version 2.7.0 the $enable_dkim_signing can be adjusted
by a policy bank:

- settings $enable_dkim_verification and $enable_dkim_signing are now
  dynamic, i.e. became members of policy banks, thus facilitating
  selectively enabling or disabling these features on a policy bank basis;


For example:

$enable_dkim_signing = 0;

$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {
  originating => 1,
  enable_dkim_signing => 1,
}


With earlier versions the same can be accomplished through
a @dkim_signature_options_bysender_maps setting, which was
always dynamic (i.e. configurable through policy banks).


> If so, is it possible to sign only SASL authenticated outgoing messages? 

Btw, even without any special settings, amavisd generates DKIM signatures
only for non-spam messages with $originating flag on, which (depending
on an MTA setup) only applies to authorized mail submission, either
through client's IP address being in @mynetworks, or for authenticated
(e.g. SASL) roaming users.

  Mark

Mark, I am impressed...
Let me put it in a simpler context, in order to see if I understood that correctly.
1. It is possible
2. In order to do so, I need to copy/paste your example

And finally (I need your help here):
3. Configure Postfix to write the ORIGINATING header?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20120306/8749f1c5/attachment.html>

More information about the amavis-users mailing list