On 21 February 2017 19:52:42 CET, David Mehler <dave.meh...@gmail.com> wrote:
>Hello,
>
>I'm not sure if this is the right place to ask this question, but it
>is mail related.
>
>I've got Postfix 3.1, and two milter filters dkim (with OpenDKIM), and
>dmarc (with OpenDMARC). At the time of initial setup I had one virtual
>mailbox domain and things were working fine.
>
>Now I've added two more virtual mailbox domains and need to configure
>both opendkim and opendmarc to handle them. I believe I have this with
>OpenDKIM; here's the config:
>
>AllowSHA1Only          no
>AlwaysAddARHeader      yes
>AuthservID             hostname.example.com
>AutoRestart            Yes
>AutoRestartRate        5/1h
>Canonicalization       relaxed/simple
>ExternalIgnoreList     refile:/usr/local/etc/mail/TrustedHosts
>InternalHosts  refile:/usr/local/etc/mail/TrustedHosts
>KeyTable       /usr/local/etc/mail/KeyTable
>MinimumKeyBits 2048
>Mode                   sv
>PidFile                /var/run/milteropendkim/opendkim.pid
>SigningTable   /usr/local/etc/mail/SigningTable
>Socket inet:8891@localhost
>SoftwareHeader yes
>SubDomains              yes
>Syslog                 Yes
>SyslogSuccess  yes
>UserID         opendkim
>
># OPENDKIM TRUSTED HOSTS
>127.0.0.1
>::1
>localhost
>host.example.com
>example.com
>host.example2.com
>example2.com
>host.example3.com
>example3.com
>
># KeyTable
>selector._domainkey.example.com example.com:selector:/usr/local/etc/mail/keys/example.com/selector
>selector._domainkey.example2.com example2.com:selector:/usr/local/etc/mail/keys/example2.com/selector
>selector._domainkey.example3.com example3.com:selector:/usr/local/etc/mail/keys/example3.com/selector
>
># SigningTable
>example.com selector._domainkey.example.com
>example2.com selector._domainkey.example2.com
>example3.com selector._domainkey.example3.com
>
>With regard to DKIM, will having an AuthservID of hostname.example.com
>mess up DKIM checks for any of the other virtual mailbox domains, as
>they are all on the one server?
No.
If you don't set the AuthservID configuration parameter, the name of the MTA is
used; when looking at the emails in my inbox, this is the system's hostname.
The AuthservID has nothing to do with your virtual domains and is just a label
that e.g. opendmarc uses to get the input for its decisions. When checking SPF,
there is probably another AR header with the same authservid name.

>I am not sure how to do this using opendmarc as I can't use a table.
Why would you need a table for opendmarc?
Opendmarc uses the Authentication-Results headers of the SPF and DKIM checks and
then retrieves the sending domain's DMARC policy from DNS and makes its decision
based on that information.

>If anyone has this working with these filters please let me know.
I'm running such a setup with 6 domains for which I DKIM sign, and I receive for
11 domains. The AuthservID is the receiving system's hostname (postfix
$myhostname and the real FQDN are the same; I did not test which name is used
when they differ).

-- 
Christian Kivalo
>
>Thanks.
>Dave.
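
The point made in the reply above, that the AuthservID is only a label marking which Authentication-Results headers the local MTA wrote and is independent of the virtual domains, shown as an added example (not code from the thread or from OpenDMARC). It assumes strict identifier alignment; the header values are constructed and the function names are hypothetical.

```python
import re

# Constructed sample: Authentication-Results values as a DKIM and an SPF
# checker on one MTA might add them, plus one header from a foreign host.
SAMPLE_HEADERS = [
    "hostname.example.com; dkim=pass (2048-bit key) header.d=example2.com header.s=selector",
    "hostname.example.com; spf=pass smtp.mailfrom=bounce@example2.com",
    "mx.elsewhere.invalid; dkim=pass header.d=example3.com",
]

def parse_ar(value):
    """Split one header value into (authserv_id, [(method, result, props)])."""
    value = re.sub(r"\([^)]*\)", "", value)  # drop (comments)
    ident, _, rest = value.partition(";")
    ident = (ident.split() or [""])[0].lower()  # ignore optional version token
    results = []
    for clause in rest.split(";"):
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue  # e.g. the bare "none" form
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method.lower(), result.lower(), props))
    return ident, results

def aligned_passes(headers, trusted_id, from_domain):
    """Methods that passed for a domain equal to the From: domain (strict)."""
    passed = set()
    for value in headers:
        ident, results = parse_ar(value)
        if ident != trusted_id.lower():
            continue  # written by some other host: not our MTA's verdict
        for method, result, props in results:
            if result != "pass":
                continue
            if method == "dkim":
                domain = props.get("header.d", "")
            elif method == "spf":
                domain = props.get("smtp.mailfrom", "").rpartition("@")[2]
            else:
                continue
            if domain.lower() == from_domain.lower():
                passed.add(method)
    return passed

if __name__ == "__main__":
    for d in ("example2.com", "example3.com"):
        print(d, sorted(aligned_passes(SAMPLE_HEADERS, "hostname.example.com", d)))
```

One AuthservID serves every virtual domain because the signing domain travels in `header.d` and `smtp.mailfrom`, not in the label.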
