Struggling with DKIM signing

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Nov 6 14:58:15 CET 2024 

Forgot this one:

On 06.11.24 09:36, Nick Howitt wrote:
>For submission see 2 above. I don't use smtps. I know it is in common 
>use, but I don't believe it was ever recognised as a standard.

FYI, smtps aka submissions was standardized in January 2018 by RFC 8314.
It was a de-facto standard for years - the advantage over submission/587 
STARTTLS is that TLS is implicit here - you may forget to require STARTTLS 
on port 587 and continue without it, which is not possible on port 465

Some years ago I've had problems with starttls on port 587 due to antivirus 
issue, and since then I preferred 465.

>On 06/11/2024 09:58, Matus UHLAR - fantomas wrote:
>>I guess you mean "main.cf here"

On 06.11.24 10:06, Nick Howitt wrote:
>No. master.cf:
>
>   submission inet n       -       y       -       - smtpd
>      -o syslog_name=postfix/submission
>      -o smtpd_tls_security_level=encrypt
>      -o smtpd_sasl_auth_enable=yes
>      -o smtpd_tls_auth_only=yes
>      -o smtpd_reject_unlisted_recipient=no
>      -o smtpd_sasl_type=dovecot
>      -o smtpd_sasl_path=private/auth
>      -o content_filter=smtp-amavis:[127.0.0.1]:10028

Aha, that explains it. Only for submission, so other services don't feed 
mail to amavis.

I guess main.cf sets  content_filter=smtp-amavis:[127.0.0.1]:10024

>Yes, as posted somewhere earlier:
>
>   127.0.0.1:10025 inet  n    -    n    -    - smtpd
>        -o content_filter=

... and it's explicitly unset here.

>        -o local_recipient_maps=
>        -o relay_recipient_maps=
>        -o smtpd_restriction_classes=
>        -o smtpd_client_restrictions=
>        -o smtpd_helo_restrictions=
>        -o smtpd_sender_restrictions=
>        -o smtpd_recipient_restrictions=permit_mynetworks,reject
>        -o mynetworks=127.0.0.0/8
>        -o strict_rfc821_envelopes=yes
>        -o smtpd_error_sleep_time=0
>        -o smtpd_soft_error_limit=1001
>        -o smtpd_hard_error_limit=1000
>        -o
>   receive_override_options=no_header_body_checks,no_unknown_recipient_checks

I guess everything is running now, or do you still have a problem?

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.

More information about the amavis-users mailing list