Am 12.10.2014 um 15:23 schrieb Wietse Venema: > Robert Schetterer: >> double check your dmarc milter setup, it s very tricky with postfix, >> make sure mail is not altered on its way ( which might brake dkim ) > > I agree that changing a message breaks its DKIM signature, but I > why this is "tricky" with Postfix.
not dkim, dmarc ! http://mail-archives.engardelinux.org/modules/index/list_archives.cgi?list=postfix-users&page=0457.html&month=2014-04 For bizarre Sendmail compatibility reasons, Milters don't see the first header in the message. Changing that would cost me at least a day to ensure that it breaks nothing with "add header", "delete header", etc. requests. http://www.trusteddomain.org/pipermail/opendmarc-users/2014-September/000404.html ... I solved it like this: As a first action I always add a pseudo headerline in smtpd_data_restrictions. So the headerline for SPF will became the second one and postfix passes it to the milters. Config in main.cf is: ... smtpd_data_restrictions = check_sender_access regexp:/etc/postfix/add_header_to_all.regexp, check_policy_service unix:private/policyd-spf ... The file "/etc/postfix/add_header_to_all.regexp" contains only the following line: ... /.\@./ PREPEND X-MY: Auth-Res ... Milters came with smtp_milter = DKIM-MILTER,DMAR-MILTER,etc. a few more links can be found here https://sys4.de/de/blog/2014/09/20/fallstricke-mit-opendmarc-und-postfix/ so there are a lot of stuff which can be misconfigured, or bug related problems with the dmarc milter itself ... > > If you are referring to the the header position counter, what does > that have to do with DKIM signatures? > > Wietse > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
