Hey, I'm fully aware DMARC does not sign,but thanks for the clarification on if I dont specify smtpd_milters in smtps or submission it's still implied from the main.cf entry, will use the logwhy advice in the morning, thanks heaps
On Tue, Oct 24, 2023 at 7:46 PM Matus UHLAR - fantomas via Postfix-users < postfix-users@postfix.org> wrote: > On 24.10.23 14:35, Nick Edwards via Postfix-users wrote: > > I need a refresher hand with DKIM, we have in main.cf > > > >smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8892 > >non_smtpd_milters = $smtpd_milters > >milter_default_action = accept > >spfpolicy_time_limit = 3600 > >milter_protocol = 6 > > > >DKIM is 8891, DMARC is 8892 we had questions that it is not signing those > >who use smtps or submission > > dmarc does no signing, DKIM does, but the milter must decide to sign. > look at your dkim config, with opendkim perhaps the "LogWhy" option. > > >master.cf says > > > >smtps inet n - n - - smtpd > > -o smtpd_tls_wrappermode=yes > > -o smtpd_sasl_auth_enable=yes > > -o smtpd_client_restrictions=$submission_client_restrictions > > -o smtpd_recipient_restrictions=$submission_recipient_restrictions > > -o receive_override_options=no_header_body_checks > > -o smtpd_helo_restrictions= > > -o smtpd_sender_restrictions= > > -o smtpd_data_restrictions= > > -o smtpd_client_connection_rate_limit=1000 > > -o content_filter= > > > >submission is identical - almost, we don't include > >smtpd_milters = inet:127.0.0.1:8891 in smtps and submission, > >is this needed? I was thinking non_smtpd_foo basically means it is > >included, but then you wouldn't do dmarc checking there so I got to > >thinking again, maybe not.. > > If you don't override smtpd_milters in master.cf for smtps/submission > services, the default settings (from main.cf) will apply. > > Note that you don't need dmarc for outgoing mail, just DKIM signing. > > >Just asking the collective guru's here before I change/break anything > given > >my lengthy time away for running pf boxes :) > >maybe an above option is cancelling out something? > > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > LSD will make your ECS screen display 16.7 million colors > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org >
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
