On 12.09.10 10:46, mouss wrote:
> Received headers should not be included in the DKIM signature. so
> removing them won't invalidate DKIM.
If you have a look at my message which you quoted, you'll see
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=seichter.de; h=
content-transfer-encoding:content-type:content-type:in-reply-to
:references:subject:subject:mime-version:user-agent:from:from
:date:date:message-id:received:received; s=sep2010; t=
1284280386; x=1286872386; bh= [...]
My interpretation of this is that amavisd-new will DKIM-sign "Received:"
headers if they are present. Maybe there's something amiss anyway, because
"subject:subject" or "date:date" look kind of strange?
> in amavisd.conf, add:
>
> #do not insert a Received header
> $insert_received_line = 0;
Ah, this option seems to have a positive effect when combined with the
following postfix configuration:
# /etc/postfix/master.cf
# Mail arriving via submission port.
submission inet n - n - - smtpd
-o content_filter=amavis:[127.0.0.1]:10124
-o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/dovecot-auth
-o smtpd_sasl_security_options=noanonymous
-o cleanup_service_name=submission_cleanup
# Mail entering AMaViS.
amavis unix - - n - 2 smtp
-o smtp_send_xforward_command=yes
# Cleanup service for mail arriving via submission port.
submission_cleanup unix n - n - 0 cleanup
-o header_checks=pcre:$config_directory/submission_header_checks
# pcre:/etc/postfix/submission_header_checks
/^Received:\s+from\s+\w+\.privatedomain\.tld\b/ IGNORE
I have used http://www.brandonchecketts.com/emailtest.php for testing,
and this service reports that my test messages arrive with private
routing information removed and still have valid DKIM signatures. That's
exactly what I intended, thanks!
-Ralph
