Currently my master.cf looks like this:

192.168.1.10:25 inet n - - - - smtpd
  -o myhostname=dns1.sebbe.eu
  -o smtpd_tls_cert_file=/etc/postfix/dns1.crt
  -o content_filter=smtp-downconvert:127.0.0.1:10025
192.168.1.10:26 inet n - - - - smtpd
  -o myhostname=dns2.sebbe.eu
  -o smtpd_tls_cert_file=/etc/postfix/dns2.crt
  -o content_filter=smtp-downconvert:127.0.0.1:10025
192.168.1.10:465 inet n - - - - smtpd
  -o myhostname=dns1.sebbe.eu
  -o smtpd_tls_cert_file=/etc/postfix/dns1.crt
  -o smtpd_tls_wrappermode=yes
  -o content_filter=smtp-downconvert:127.0.0.1:10025
192.168.1.10:466 inet n - - - - smtpd
  -o myhostname=dns2.sebbe.eu
  -o smtpd_tls_cert_file=/etc/postfix/dns2.crt
  -o smtpd_tls_wrappermode=yes
  -o content_filter=smtp-downconvert:127.0.0.1:10025
2001:470:28:1c:1:10:0:1:25 inet n - - - - smtpd
  -o myhostname=dns1.sebbe.eu
  -o smtpd_tls_cert_file=/etc/postfix/dns1.crt
  -o content_filter=smtp-downconvert:127.0.0.1:10025
2001:470:28:1c:1:10:0:2:25 inet n - - - - smtpd
  -o myhostname=dns2.sebbe.eu
  -o smtpd_tls_cert_file=/etc/postfix/dns2.crt
  -o content_filter=smtp-downconvert:127.0.0.1:10025
2001:470:28:1c:1:10:0:1:465 inet n - - - - smtpd
  -o myhostname=dns1.sebbe.eu
  -o smtpd_tls_cert_file=/etc/postfix/dns1.crt
  -o smtpd_tls_wrappermode=yes
  -o content_filter=smtp-downconvert:127.0.0.1:10025
2001:470:28:1c:1:10:0:2:465 inet n - - - - smtpd
  -o myhostname=dns2.sebbe.eu
  -o smtpd_tls_cert_file=/etc/postfix/dns2.crt
  -o smtpd_tls_wrappermode=yes
  -o content_filter=smtp-downconvert:127.0.0.1:10025
smtp-downconvert unix y - - - - smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - - - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.1
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_relay_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_milters=inet:localhost:8991,inet:localhost:8891
  -o non_smtpd_milters=inet:localhost:8991,inet:localhost:8891

Now I want to do this:

When mail is *relayed* through any of the eight servers (non-local mail) – I want to run as is, where the mail is run through 10025 first (djigzo S/MIME gateway) and then through 10026 and then through the milters 8991 and 8891. (So the djigzo gateway can modify content BEFORE mail is signed by the 8891 milter – because the DKIM signature will be made invalid if djigzo encrypts or signs a mail.)

When mail is NOT relayed, e.g. is targeted at any local users, I want to FIRST pass it through the 8891 milter, THEN pass it through 10025 -> 10026. (So the djigzo gateway can modify content AFTER the 8891 milter has verified the DKIM signature – because modification will invalidate the signature if the DKIM signature is verified after decryption or verification.)

The 8991 milter only does hashcash signing and has no effect on non-relayed mail anyways.

How can this be accomplished?
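
Added illustration, not part of the original post: a Python sketch of why the order matters, using the RFC 6376 "relaxed" body hash (the bh= tag of a DKIM signature). The gateway_rewrite() function is a hypothetical stand-in for any body change made by the S/MIME gateway, and the message body and boundary string are constructed.

```python
import base64
import hashlib
import re

def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.split(b"\r\n")
    # Collapse runs of WSP to one space and drop WSP at end of line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a signer puts in bh= (sha256, base64)."""
    digest = hashlib.sha256(canon_body_relaxed(body)).digest()
    return base64.b64encode(digest).decode()

def gateway_rewrite(body: bytes) -> bytes:
    """Hypothetical stand-in: signing/encrypting/decrypting replaces the body."""
    return b"--constructed-boundary\r\n" + body + b"\r\n--constructed-boundary--\r\n"

ORIGINAL = b"Hello,\r\n\r\nthis is a  constructed test body. \r\n\r\n"

def outbound(sign_last: bool) -> bool:
    """Relayed mail: True if the receiver's bh= check would pass."""
    if sign_last:                      # gateway (10025) first, DKIM milter last
        sent = gateway_rewrite(ORIGINAL)
        bh = body_hash(sent)
    else:                              # DKIM milter first, gateway afterwards
        bh = body_hash(ORIGINAL)
        sent = gateway_rewrite(ORIGINAL)
    return bh == body_hash(sent)

def inbound(verify_first: bool) -> bool:
    """Local delivery: True if the local bh= check would pass."""
    bh = body_hash(ORIGINAL)           # computed by the remote signer
    seen = ORIGINAL if verify_first else gateway_rewrite(ORIGINAL)
    return bh == body_hash(seen)

if __name__ == "__main__":
    print("outbound, sign last:    ", outbound(True))
    print("outbound, sign first:   ", outbound(False))
    print("inbound, verify first:  ", inbound(True))
    print("inbound, verify last:   ", inbound(False))
```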