Am 25.06.2014 03:01, schrieb Thomas R.: > OpenDKIM bases its decision whether mail can be signed on, among other > things, the connecting IP. However this > only works if there has been no SMTP relay or proxy prior to the mail > reaching the milter. If there has been, > OpenDKIM sees the IP address of the relay/proxy and treats it as "trusted". > This leads to it signing some incoming > mail (if the From: has been forged to use my domain name). > > My setup for incoming smtpd mail currently has proxsmtp acting as an SMTP > proxy - this scans mail using bogofilter. > > Setup: > > Incoming mail -> postfix (25) -> proxsmtp (10025) -> postfix (10026) + > opendkim milter -> cleanup, queue, etc
why not change the order? a contentfilter is anyways expensive and should be the last one nad so only face messages which made it trough all the cheaper tests and filters
