I'm attempting to implement domainkeys using Jason Long's dkfilter. (If I'd been more knowledgeable, I'd have done DKIM instead, but I think my current problem may be unrelated to domainkeys versus DKIM.)
I've been trying to follow these tutorials: http://www.howtoforge.com/postfix_dkfilter_domain_keys_implementation http://fluzo.org/blog/post/tutorial-domainkeys-dkim-postfix#3980 http://wiki.railsmachine.com/UsingDkimEmailAuthentication I've succeeded in getting it all set up to the point that incoming mail gets appropriate Authentication-Results headers added to it. However, my outgoing mail isn't getting DomainKey-Signature headers added to it, and I can't figure out what's wrong. I have my public and private keys in /usr/local/dkfilter. A "ps x" shows that I have both dkfilter.in and dkfilter.out daemons running. My DNS has what I think are an appropriate TXT records (_domainkey.lightandmatter.com and m1._domainkey.lightandmatter.com). Below is the relevant section of my /etc/postfix/master.cf file. Is there some further configuration step that I'm missing? Any help would be much appreciated! - Ben ----------------------------------------------------------- # # Before-filter SMTP server. Receive mail from the network and # pass it to the content filter on localhost port 10025. # smtp inet n - n - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025 -o smtpd_client_connection_count_limit=10 # # After-filter SMTP server. Receive mail from the content filter on # localhost port 10026. # 127.0.0.1:10026 inet n - n - - smtpd -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks # # modify the default submission service to specify a content filter # and restrict it to local clients and SASL authenticated clients only # submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=yes -o content_filter=dksign:[127.0.0.1]:10027 -o receive_override_options=no_address_mappings -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject # # specify the location of the DomainKeys signing filter # dksign unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o smtp_discard_ehlo_keywords=8bitmime # # service for accepting messages FROM the DomainKeys signing filter # 127.0.0.1:10028 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
