On 10/18/2011 12:12 PM, Simon Brereton wrote: > Hi > > I expect that this is not recommended practice, but before I implemented DKIM > signing, Amavis used to scan ALL mail - incoming and outgoing - and I was > happy with that. > > If I want Amavis to scan and rate the mail after dkim proxy has signed it, is > that as simple as adding the content filter to the incoming socket? Curently > when dkim returns the mail it looks like this (in master.cf).. > > ### local TCP socket for relay with dkimproxy.out > 127.0.0.1:10029 inet n - n - 10 smtpd > -o content_filter= > -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks > -o > smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject > -o smtpd_authorized_xforward_hosts=127.0.0.0/8 > > If I add smtp-amavis:[127.0.0.1]:10024 (as it is in my main.cf, will this > pass it off to amavis to be scanned?
that looks OK, but see below. > > Is there a good reason to not do this? Is there a better way to do this? Yes and yes. Rather than using dkim-proxy, I strongly recommend using the amavisd-new built-in DKIM signing and verifying. If you can't use that for some reason, the other excellent choice is the OpenDKIM milter. Using dkim-proxy is a distant third. Reasons include simpler setup and reliability. -- Noel Jones
