Noel Jones wrote:
>
> # dk-filter -H -S mailgate -M {auth_author} -o Received -s
> /var/db/certificates/domainkey.private -d example.com -i
> /var/db/domainkey.clients -u milter -l -p inet:[EMAIL PROTECTED]
>
> and the /var/db/domainkey.clients file is a list of networks that
> should be signed, in CIDR notation:
> # cat /var/db/domainkey.clients
> 127.0.0.1
> 192.168.0.0/16
> 10.0.0.0/8
>
This sounds promising! But I have distributed, moving users and therefore
use pop-before-smtp for authentication, which means that my IP list is in a
hash table, which is not in CIDR format. :-(

I could maybe hack pop-before-smtp to trick it into generating a flat table
each time there are any changes - but then I will probably have to restart
dk-filter (and dkim-filter)..

I came to think of something else - the approach described in the original
post suggests all mails are verified, but only authenticated mails are
signed. It could probably rather easily be changed to sending the
non-locally submitted mails through the verification AFTER the content
filter. I.e. in master.cf moving the lines

    -o milter_default_action=accept
    -o milter_macro_daemon_name=MTA
    -o smtpd_milters=inet:127.0.0.1:4442,inet:127.0.0.1:4443

from the section

    smtp inet n - - - - smtpd

to the section

    localhost:10025 inet n - n - 10 smtpd

Will this approach break the signatures if (when) the content filter
(amavis) adds headers?

Regards
Henrik ?stergaard
--
View this message in context:
http://www.nabble.com/Setting-up-DKIM-and-DomainKeys-mail-signing-and-verification-tf2259401.html#a6553221
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.