Re: Cannot sign with DKIM on same-server web and mail

2019-12-01 Thread Linkcheck
I applied the recommendations from this thread (for which, many thanks!) 
with some help from the spamassassin forum. Almost all of it works now 
with the following exception. On postfix restart the following message 
is logged.


"Could not retrieve sendmail macro "i"!. Please add it to 
confMILTER_MACROS_ENVFROM"


I added a few lines found elsewhere, specifically 
mua_recipient_restrictions, milter_connect_macros, mua_milters in 
main.cf and modified master.cf accordingly but still get that error in 
the logs.


The postfix document MILTER_README.html, under the workarounds section, 
states...


"Some Milter applications use the "{if_addr}" macro to recognize local 
mail; this macro does not exist in Postfix. Workaround: use the 
"{daemon_addr}" (Postfix ≥ 3.2) or "{client_addr}" macro instead."


My setup for the relevant parameters is:

==
main.cf:

mua_recipient_restrictions =
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  permit_sasl_authenticated,
  reject

milter_default_action = accept
milter_protocol = 6
milter_connect_macros="i j {daemon_name} v {if_name} _"

smtpd_milters = unix:/var/run/opendkim/opendkim.sock,
  unix:/var/run/opendmarc/opendmarc.sock,
  unix:/var/run/spamass/spamass.sock, unix:/var/run/clamav/clamav-milter.ctl


non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock

mua_milters = unix:/var/run/opendkim/opendkim.sock,
  unix:/var/run/clamav/clamav-milter.ctl


master.cf:

smtp inet n   -   n   -   -   smtpd

submission inet n   -   n   -   -   smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_recipient_restrictions=$mua_recipient_restrictions
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_header_body_checks
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_milters=$mua_milters

pickup    fifo  n   -   n   60  1   pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

==

SpamAssassin now adds the token UNPARSEABLE_RELAY to every email. 
Research online suggests this is due to an incorrect setting in 
milter_connect_macros.


I have removed the "i" from milter-connect-macros (most online texts 
omit it anyway) with the result that dkim authentication in emails shows 
"unknown-host", although it correctly passes the authentication...


  DKIM-Filter: OpenDKIM Filter v2.10.3 unknown-host 5A44B320316
  Authentication-Results: unknown-host; dkim=pass (etc)

I tried removing {if_name} but with no positive result. I've also tried 
changing if_name to daemon_addr and client_addr, still with no success.


What should milter_connect_macros actually be? Is there something else 
I'm missing?


I know I can disable UNPARSEABLE_RELAY in spamassassin but I would 
rather get this right.


Software Versions:

Postfix:
  postconf -d | grep mail_version
  mail_version = 3.1.0

Spamassassin:
  spamassassin -V
  SpamAssassin version 3.4.2
running on Perl version 5.22.1

Opendkim
  opendkim -V
opendkim: OpenDKIM Filter v2.10.3
Compiled with OpenSSL 1.0.2g  1 Mar 2016

Opendmarc
  opendmarc -V
opendmarc: OpenDMARC Filter v1.3.1



Re: Cannot sign with DKIM on same-server web and mail

2019-12-01 Thread David Bürgin
On 01/12/2019 12:01, Linkcheck wrote:
> I applied the recommendations from this thread (for which, many thanks!) with 
> some help from the spamassassin forum. Almost all of it works now with the 
> following exception. On postfix restart the following message is logged.
> 
> "Could not retrieve sendmail macro "i"!. Please add it to 
> confMILTER_MACROS_ENVFROM"

The ‘Could not retrieve sendmail macro "i"’ message is due to a bug in
spamass-milter. It cannot be worked around, but it is also completely
harmless, i.e. it does not actually impact operation in any way.

This bug has been open for many years, more info at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696856.


-- 
David


Re: Cannot sign with DKIM on same-server web and mail

2019-12-01 Thread Linkcheck

Ok, thanks. I can live with that.

But what about UNPARSEABLE_RELAY? How can I properly fix that? Do I 
really have to nullify the rule or is there something in postfix that 
I've got wrong?


Re: Cannot sign with DKIM on same-server web and mail

2019-12-01 Thread David Bürgin
On 01/12/2019 15:18, Linkcheck wrote:
> But what about UNPARSEABLE_RELAY? How can I properly fix that? Do I really 
> have to nullify the rule or is there something in postfix that I've got wrong?

Try appending _ to the default connect macros. That does it for me.

milter_connect_macros = j {daemon_name} {daemon_addr} v _


-- 
David
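
Added example, not part of the original thread and not Postfix code: a small main.cf check that tokenizes milter_connect_macros and compares it with the value suggested in the reply above. The function names are hypothetical and the sample text is constructed from the settings posted earlier in the thread; it relies on the fact that Postfix does not interpret shell-style quotes in main.cf.

```python
import re

# Value suggested in the reply above.
SUGGESTED = "j {daemon_name} {daemon_addr} v _".split()

# Constructed sample, based on the main.cf lines posted earlier in the thread.
SAMPLE_MAIN_CF = '''\
milter_default_action = accept
milter_protocol = 6
milter_connect_macros="i j {daemon_name} v {if_name} _"
smtpd_milters = unix:/var/run/opendkim/opendkim.sock,
  unix:/var/run/spamass/spamass.sock
'''

def logical_lines(text):
    """Join physical lines: a line starting with whitespace continues the previous one."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def get_param(text, name):
    """Return the last value assigned to `name`, or None if it is not set."""
    value = None
    for line in logical_lines(text):
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def check_connect_macros(text):
    """Return (tokens, problems) for milter_connect_macros in a main.cf text."""
    value = get_param(text, "milter_connect_macros")
    if value is None:
        return [], ["milter_connect_macros not set (built-in default applies)"]
    # No shell-style quoting in main.cf: quote characters stay inside the tokens.
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    problems = [f"malformed macro name: {t!r}" for t in tokens
                if not re.fullmatch(r"[A-Za-z_]|\{[A-Za-z_]+\}", t)]
    problems += [f"missing macro from suggested list: {w}"
                 for w in SUGGESTED if w not in tokens]
    return tokens, problems
```

On the sample, the quoted value yields the tokens `"i` and `_"`, so the list contains no bare `_` even though the line appears to include one.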


Re: Cannot sign with DKIM on same-server web and mail

2019-12-01 Thread Jaroslaw Rafa
On 1.12.2019 at 14:18:32, Linkcheck wrote:
> Ok, thanks. I can live with that.
> 
> But what about UNPARSEABLE_RELAY? How can I properly fix that? Do I
> really have to nullify the rule or is there something in postfix
> that I've got wrong?

I fixed this in one of SpamAssassin's Perl modules,
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm.

Here is my diff:

*** Received.orig.pm2014-02-07 09:36:23.0 +0100
--- Received.pm 2019-09-27 12:38:23.0 +0200
***
*** 146,153 
  
  my $relay = $self->parse_received_line ($line);
  if (!defined $relay) {
!   dbg("received-header: unparseable: $line");
!   $self->{num_relays_unparseable}++;
  }
  
  # undefined or 0 means there's no result, so goto the next header
--- 146,161 
  
  my $relay = $self->parse_received_line ($line);
  if (!defined $relay) {
!   # workaround: if SpamAssassin is running as a milter, first header is
!   # artificially generated and doesn't contain IP address nor Message ID
!   # like this:
!   # from brama.eko.wroc.pl (unknown)_ by rafa.eu.org(Postfix 
2.9.6/8.13.0) with SMTP id unknown_ Fri, 27 Sep 2019 12:31:50 +0200_ 
(envelope-from 
!   if ($line =~ m/^from +[-.a-zA-Z0-9]+ +\(unknown\).*with +SMTP +id 
+unknown.*\(envelope-from/) {
! dbg("received-header: added by milter-ignored: $line");
!   } else {
! dbg("received-header: unparseable: $line");
! $self->{num_relays_unparseable}++;
!   }
  }
  
  # undefined or 0 means there's no result, so goto the next header
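
Review bot: the new regex test inside the `if (!defined $relay)` branch runs for every unparseable Received line, while the added comment says only the first, milter-generated header has this shape. Received lines further down are supplied by the sending side, so any of them that fits this loose pattern (`.*` after `\(unknown\)` and again after `id +unknown`) would also skip `$self->{num_relays_unparseable}++`. Consider applying the exception only to the first header processed, and matching the local host name after `by` explicitly instead of relying on `.*`, so that the counter still reflects unparseable lines that did not come from the milter.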

-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."