Thanks. The suggestion to set milter_default_action to reject is good.
(I also tried unsetting milter_mail_macros.) Strangely, it doesn't
cause a rejection:

Oct 14 15:42:53 nantes-1 postfix/smtps/smtpd[5954]: connect from w.z.y.x.rev.sfr.net[x.y.z.w]
Oct 14 15:42:53 nantes-1 postfix/smtps/smtpd[5954]: Anonymous TLS connection established from 10.244.88.92.rev.sfr.net[92.88.244.10]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
Oct 14 15:42:54 nantes-1 postfix/smtps/smtpd[5954]: 05102FDD7F: client=w.z.y.x.rev.sfr.net[x.y.z.w], sasl_method=PLAIN, sasl_username=jeff
Oct 14 15:42:54 nantes-1 postfix/cleanup[5959]: 05102FDD7F: message-id=<[email protected]>
Oct 14 15:42:54 nantes-1 postfix/qmgr[5926]: 05102FDD7F: from=<[email protected]>, size=2588, nrcpt=1 (queue active)
Oct 14 15:42:54 nantes-1 postfix/smtps/smtpd[5954]: disconnect from w.z.y.x.rev.sfr.net[x.y.z.w] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Oct 14 15:42:54 nantes-1 dovecot: imap(jeff): Connection closed (IDLE running for 0.001 + waiting input for 246.717 secs, 2 B in + 10+10 B out, state=wait-input) in=2669 out=365094
Oct 14 15:42:54 nantes-1 postfix/smtp[5960]: 05102FDD7F: to=<[email protected]>, relay=ASPMX.L.GOOGLE.com[108.177.119.26]:25, delay=0.5, delays=0.13/0.01/0.1/0.27, dsn=2.0.0, status=sent (250 2.0.0 OK 1602682974 y9si2260509ejg.460 - gsmtp)
Oct 14 15:42:54 nantes-1 postfix/qmgr[5926]: 05102FDD7F: removed

The config file is active, however. If I simply introduce a syntax
error, postfix won't restart. So somehow I seem to have disabled milter
support. I didn't know that was possible.
Jeff
On 14/10/2020 14:08, IL Ka wrote:
> Set "milter_default_action" to "reject", reload postfix, and try to
> send mail.
> You should probably get some errors in maillog.
> Check your syslog config, to make sure opendkim logs are also written.
>
> Check your dkim is running (telnet 127.0.0.1 8891).
>
> Btw, I have not set "milter_mail_macros" explicitly.
> The default on my system is "milter_mail_macros = i {auth_type}
> {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}" and
> it works.
>
>
> On Wed, Oct 14, 2020 at 1:27 PM Jeff Abrahamson <[email protected]> wrote:
>
> I've set up OpenDKIM. I've noted the config below, but the basic
> issue is that my mails aren't being DKIM signed and my logs, while
> showing no mail-related errors, also don't show any evidence of
> milters running or trying to run. So I'm suspecting postfix
> config error rather than opendkim. So far all doc reading and
> googling is leading me nowhere immediately helpful.
>
> I'm trying to figure out what's wrong or at least how to debug it
> further. (This is all on ubuntu 16.04.6 LTS. I sadly need to get
> this working before I can spend the time to transition us to a
> 20.04 host.) Postfix is v 3.1.0, opendkim is 2.10.3.
>
> This is the relevant config I've added to my /etc/postfix/main.cf:
>
> smtpd_milters = inet:127.0.0.1:8891
> non_smtpd_milters = $smtpd_milters
> milter_default_action = accept
> milter_protocol = 6
> # Appears default doesn't include {auth_type}.
> # Cf. http://www.opendkim.org/opendkim.8.html
> milter_mail_macros="i {mail_addr} {client_addr} {client_name}
> {auth_type} {auth_authen}"
>
> The OpenDKIM config is this:
>
> Canonicalization relaxed/relaxed
> ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
> InternalHosts refile:/etc/opendkim/TrustedHosts
> KeyTable refile:/etc/opendkim/KeyTable
> LogWhy Yes
> # MilterDebug 0
> MilterDebug 1
> MinimumKeyBits 1024
> Mode sv
> PidFile /var/run/opendkim/opendkim.pid
> SigningTable refile:/etc/opendkim/SigningTable
> # Must agree with value in /etc/default/opendkim.
> Socket inet:8891@localhost
> Syslog Yes
> SyslogSuccess Yes
> TemporaryDirectory /var/tmp
> UMask 022
> UserID opendkim:opendkim
> OversignHeaders From
> SignatureAlgorithm rsa-sha256
> AutoRestart Yes
>
> KeyTable is
>
> nantes-1.p27.eu p27.eu:mail:/etc/opendkim/p27.eu.key
>
> SigningTable is
>
> *@p27.eu nantes-1.p27.eu
> *@transport-nantes.com nantes-1.p27.eu
>
> and TrustedHosts (which may not be needed) is
>
> 127.0.0.1
>
> Any suggestions?
>
> --
> Jeff Abrahamson
> +33 6 24 40 01 57
> +44 7920 594 255
>
> http://p27.eu/jeff/
> http://transport-nantes.com/
>
--
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255
http://p27.eu/jeff/
http://transport-nantes.com/
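
Added example, not part of the original thread: one way to confirm from the mail log which messages left without passing through OpenDKIM is to correlate Postfix queue IDs with opendkim's success lines. The sample log is constructed, and the "DKIM-Signature field added" text assumes OpenDKIM is logging successes via `SyslogSuccess Yes` as in the config quoted above.

```python
import re

# Constructed sample modelled on the log in the message above. The opendkim
# line is the kind written with "SyslogSuccess Yes"; all values are made up.
SAMPLE_LOG = """\
Oct 14 15:42:54 mx postfix/smtps/smtpd[5954]: connect from client.example.net[192.0.2.7]
Oct 14 15:42:54 mx postfix/cleanup[5959]: 05102FDD7F: message-id=<a@example.org>
Oct 14 15:42:54 mx postfix/smtp[5960]: 05102FDD7F: to=<u@example.net>, relay=mx.example.net[192.0.2.1]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
Oct 14 15:50:01 mx postfix/cleanup[6001]: 1A2B3C4D5E: message-id=<b@example.org>
Oct 14 15:50:01 mx opendkim[812]: 1A2B3C4D5E: DKIM-Signature field added (s=mail, d=example.org)
Oct 14 15:50:02 mx postfix/smtp[6002]: 1A2B3C4D5E: to=<u@example.net>, relay=mx.example.net[192.0.2.1]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# syslog prefix, program[pid], queue ID, remainder. The queue ID alphabet is an
# assumption chosen to be wide enough for short and long Postfix queue IDs.
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>[\w/.-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-Za-z]{6,}): (?P<rest>.*)$"
)


def unsigned_deliveries(log_text):
    """Queue IDs delivered (status=sent) with no opendkim signing line."""
    signed, delivered = set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # connect/disconnect, dovecot, and other lines without a queue ID
        prog, qid, rest = m.group("prog", "qid", "rest")
        if prog == "opendkim" and "DKIM-Signature field added" in rest:
            signed.add(qid)
        elif prog.startswith("postfix/") and "status=sent" in rest:
            if qid not in delivered:  # one entry per message, not per recipient
                delivered.append(qid)
    return [q for q in delivered if q not in signed]


if __name__ == "__main__":
    for qid in unsigned_deliveries(SAMPLE_LOG):
        print(f"{qid}: delivered without a DKIM signing log entry")
```

A queue ID reported here with no opendkim line at all, as in the log above, points at the milter never being contacted rather than at a signing failure inside OpenDKIM.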