Here's what I want to do: 1. Email is received for an address I have set to forward emails, let's call it forw...@example.com. 2. Postfix pipes the email through a command, postforward, which in turn runs the email through postsrsd so that SPF and similar checks validate (especially when forwarding to an email address I don't host). 3. Postforward reinjects the email with sendmail, now with a return_path of <something>@srs.example.org. 4. All of this works up to this point, but what I want to do next is send the emails through a DKIM signing program, to sign emails from srs.example.org so that the DKIM signature validates as well.
Right now I'm trying to use dkimproxy as a content filter which is set to sign all messages from srs.example.org, but it seems that the cleanup daemon doesn't run on reinjected mails. I'm assuming there's a good reason for this, but it means that emails reinjected with postforward aren't going to be processed by... just about anything as far as I can tell, so I can't get it to sign them. Output of postconf -n: alias_database = $alias_maps alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases broken_sasl_auth_clients = yes command_directory = /usr/bin compatibility_level = 2 content_filter = dkim:127.0.0.1:10025 daemon_directory = /usr/lib/postfix/bin data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 dkim_destination_recipient_limit = 1 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 51200000 meta_directory = /etc/postfix milter_protocol = 6 mydestination = $myhostname, localhost, srs.mwtd.net myhostname = mtmail.mwtd.net mynetworks = 184.164.76.226/32, [2001:470:1f19:6ab::2]/128, 127.0.0.0/8, [::1]/128 mynetworks_style = host newaliases_path = /usr/bin/newaliases non_smtpd_milters = inet:127.0.0.1:8891 queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix recipient_canonical_classes = envelope_recipient,header_recipient recipient_canonical_maps = tcp:127.0.0.1:10002 recipient_delimiter = + relay_domains = todo.2mb.codes, lists.2mb.codes, $mydestination sample_directory = /etc/postfix sender_dependent_default_transport_maps = pcre:/etc/postfix/sender_relay sendmail_path = /usr/bin/sendmail setgid_group = postdrop shlib_directory = /usr/lib/postfix smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous 
smtp_sender_dependent_authentication = yes smtp_use_tls = no smtpd_delay_reject = yes smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893, inet:127.0.0.1:8892 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10030 smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/letsencrypt/live/mtmail.mwtd.net/chain.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/letsencrypt/live/mtmail.mwtd.net/cert.pem smtpd_tls_dh1024_param_file = /etc/courier-imap/dhp4096.pem smtpd_tls_key_file = /etc/letsencrypt/live/mtmail.mwtd.net/privkey.pem smtpd_tls_security_level = may transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_domains = proxy:mysql:/etc/postfix/mysql_virtual_alias_domains.cf, lists.kallistimud.com, lists.legendsofkallisti.com, forwardme.email, am.forwardme.email, meowymail.com, forward.mwtd.net virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf, hash:/var/lib/mailman/data/virtual-mailman, hash:/etc/postfix/virtual pcre:/etc/postfix/lists virtual_gid_maps = static:5000 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf, bounce.forwardme.email virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, hash:/etc/postfix/bounce-domains virtual_minimum_uid = 100 virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_uid_maps = static:5000 Non comment lines in master.cf: smtp inet n - n - - smtpd -o content_filter=spamassassin submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o 
smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject -o milter_macro_daemon_name=ORIGINATING 465 inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/vendor_perl/spamc -e /usr/bin/sendmail -oi -f ${sender} ${recipient} virtualprocmail unix - n n - - pipe flags=DRXhuq user=vmail argv=/usr/bin/procmail -m E_SENDER=$sender E_RECIPIENT=$recipient ER_USER=$user ER_DOMAIN=$domain ER_DETAIL=$extension NEXTHOP=$nexthop /etc/procmail.d/default.rc maildrop unix - n n - - pipe flags=ODRhu user=vmail argv=/usr/bin/maildrop -d ${user}@${domain} ${extension} ${recipient} ${user} ${nexthop} dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -a ${recipient} dkim unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o disable_mime_output_conversion=yes -o smtp_generic_maps= localhost:10026 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o 
smtpd_client_restrictions= -o smtpd_sender_restrictions= # Postfix 2.10 and later: specify empty smtpd_relay_restrictions. -o smtpd_relay_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 I've tried several options to get cleanup to run on the reinjected mails, including simply piping emails to postforward (alias: "|/usr/bin/postforward email"), changing out email for a local alias that then maps to said email, and changing that out for a virtual alias that maps to the email as well. Any thoughts on how this can be accomplished? -Michael.