On Oct 18, 2012, at 00:56, Quanah Gibson-Mount wrote: > Right now, we can have up to 4 different processing filters in our > configuration, based on what features are enabled. > > In general, we always have: > > 1) OpenDKIM for signing > > Then we almost always have > > 2) Amavis > > Then we sometimes have > > 3) A Zimbra written Milter service > > And rarely > > 4) A journaling milter > > > For OpenDKIM, I currently have it set up as a content_filter, which works > well as long as Amavis is not also enabled. > > smtp inet n - n - - smtpd > -o content_filter=scan:[127.0.0.1]:10029 > > If Amavis is enabled, it is called as originating vs foreign via: > postconf smtpd_sender_restrictions > smtpd_sender_restrictions = check_sender_access > regexp:/opt/zimbra/postfix/conf/tag_as_originating.re, permit_mynetworks, > permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access > regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re > > zimbra@zre-ldap002:~/postfix/conf$ cat tag_as_originating.re > /^/ FILTER smtp-amavis:[127.0.0.1]:10026 > > zimbra@zre-ldap002:~/postfix/conf$ cat tag_as_foreign.re > /^/ FILTER smtp-amavis:[127.0.0.1]:10024 > > This of course overrides the content_filter line, so OpenDKIM never fires > there. I fixed that by adding -o smtpd_milters=inet:localhost:8465 to the > port 10025 re-injection smtpd for Amavis. However, this causes OpenDKIM to > run after Amavis executes, when I want it to run prior to Amavis.
What if you added '-o smtpd_milters=inet:localhost:8465' to the smtp line mentioned above, to call OpenDKIM, instead of the content_filter? Would that be overridden too by your FILTER action for Amavis? If it's not, then it may be as simple as listing your journaling and OpenDKIM milters there, and adding the milter server to the Amavis reinjection smtpd, if Amavis is enabled, or as a third argument to 'smtpd_milters' if Amavis is disabled, but your milter server enabled? My understanding of how milters interact is limited, however, as I have no practical experience with more than one. I could very well be misunderstanding the complexities of a workflow like this. HTH, Jona -- > The milter server is handled by setting smtpd_milters via postconf, which I > haven't tested yet, but I'm pretty certain will override the setting to > Amavis. > > The journaling server is handled via smtpd_proxy_filter to the smtp process: > -o smtpd_proxy_filter=127.0.0.1:10027 > > So is there an easy/best way to get things to all work & play together at > once? I believe if I move OpenDKIM to be a smtpd_proxy_filter, that will > allow me to force it to execute before Amavis, but then what do I do for the > journaling server? Basically, trying to figure out the best way to force > things to flow in the sequence I require which is: > > Journaling (if enabled) > OpenDKIM > Amavis (if enabled) > Milter server (if enabled) > > Any insights appreciated! > > Thanks, > Quanah > > -- > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration
