Problem signing emails with DKIM

Florian Pelgrim florian.pelgrim at craneworks.de
Wed Nov 30 17:52:15 CET 2016


Hi,

I'm trying to get my outgoing emails signed with DKIM. This is what I
configured so far to get this done:

/etc/postfix/master.cf
[...]
submission inet n       -       n       -       -       smtpd
    [...]
    -o milter_macro_daemon_name=ORIGINATING
[...]

/etc/postfix/main.cf
[...]
milter_default_action = accept
milter_protocol = 6
smtpd_milters = unix:/run/amavis/amavisd-milter.sock
[...]

/etc/amavis/conf.d/50-user
[...]
$policy_bank{'ORIGINATING'} = {
    originating => 1,
    bypass_spam_checks_maps => [1],
    warnbadhsender => 1,
};
[...]
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;

dkim_key('example.com', 'default', '/var/lib/amavis/db/example.com');
@dkim_signature_options_bysender_maps = (
    { '.' =>
        {
                ttl => 21*24*3600,
                c => 'relaxed/simple'
        }
    }
);

If I send now an email it doesn't get signed (incoming verification is
working) and this is what I see in my log file:
Nov 26 20:17:17 mail amavis[7731]: (07731-01) Passed CLEAN
{AcceptedOpenRelay}, AM.PDP-SOCK [176.74.56.140] [176.74.56.140]
<foo at example.com> -> <bar at example2.com>, Queue-ID: 7D1B4161025,
Message-ID: <b3ab3aa9-6d9c-7f74-b132-7195fd8ad80f at example.com>, mail_id:
XRns4IkjqGfx, Hits: -1, size: 599, 525 ms

If I get this right "AcceptedOpenRelay" indicates that amavis is not
considering this email to be from originating?

Most examples I found in the internet are by using different ports. But
the option "milter_macro_daemon_name" should tell him from where the
email is coming from or did I get this wrong?

OS: Debian Jessie
Amavisd-milter: 1.5.0-5
Amavisd-new: 1:2.10.1-2~deb8u1
Postfix: 2.11.3-1

Any suggestions why this is not working?

Cheers
Flo


More information about the amavis-users mailing list