[Postfixbuch-users] Signing with DKIM does not work
Jim Knuth
jk at jkart.de
Fri Feb 25 16:50:51 CET 2011
On 25.02.11 16:26, Kai Fürstenberg <kai_postfix at fuerstenberg.ws> wrote:
> On 25.02.2011 16:10, Jim Knuth wrote:
>> On 25.02.11 15:59, Kai Fürstenberg <kai_postfix at fuerstenberg.ws> wrote:
>>
>>> Hello,
>>>
>>> On 25.02.2011 15:17, Jim Knuth wrote:
>>>> policy_bank is also present in amavisd.conf
>>>>
>>>> Please enlighten me and tell me whether I still need to provide
>>>> anything. Thanks.
>>>
>>> Check the following:
>>>
>>> $enable_dkim_signing = 1;
>>> dkim_key(); #(fill in accordingly)
>>
>> $enable_dkim_verification = 1;
>> $enable_dkim_signing = 1;
>>
>> dkim_key('server1.art-domains.de', 'main',
>> '/var/lib/amavis/dkim/dkim-key.pem');
>> @dkim_signature_options_bysender_maps = (
>> { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
>>
>>>
>>> In addition, your own domains must be treated as local.
>>> @local_domains_maps #(fill in accordingly)
>>
>> @local_domains_maps = ( read_hash("$MYHOME/local_domains") );
>>
>> and it is listed THERE (in local_domains) as well
>>
>>>
>>> In the policy_bank:
>>> $originating=1;
>>
>> that is the case
>>
>>>
>>> Otherwise the Amavis config would be very helpful.
>>
>> the above is really the only relevant part, isn't it?
>
> What is relevant is primarily "$originating" and "@local_domains_maps".
>
> How do you submit the mails, how do they get to Amavis, and how is the
> policy_bank invoked?
>
hmm, so I guess you need postconf -n and the master.cf?
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_bcc = web1p5
biff = no
body_checks = regexp:$filter/body_checks.regexp
bounce_queue_lifetime = 3d
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
default_privs = mail
delay_warning_time = 3h
disable_vrfy_command = yes
header_checks = regexp:$filter/header_checks.regexp
    pcre:$filter/header_checks.pcre
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 77.236.98.239, 127.0.0.1
local_destination_concurrency_limit = 1
local_header_rewrite_clients =
local_recipient_maps = proxy:unix:passwd.byname
mail_name = Postfix-Amavis
mail_owner = postfix
mailbox_command = /usr/bin/procmail -t /etc/procmailrc
mailbox_size_limit = 102400000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 3d
message_size_limit = 51200000
mime_header_checks = pcre:$filter/mime_header_checks
mydestination = $myhostname
myhostname = server1.art-domains.de
mynetworks = 127.0.0.0/8
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_dnsbl_action = drop
postscreen_dnsbl_sites = black.uribl.com zen.spamhaus.org
    bl.spamcop.net dnsbl.njabl.org ix.dnsbl.manitu.net
postscreen_dnsbl_threshold = 2
postscreen_greet_action = drop
postscreen_helo_required = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_action = drop
postscreen_pipelining_enable = yes
proxy_read_maps = proxy:mysql:$mysql/client_access.cf
    proxy:mysql:$mysql/sender_access.cf proxy:unix:passwd.byname
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
remote_header_rewrite_domain =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_bind_address = 77.236.98.239
smtp_connect_timeout = 90s
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 100
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100
smtpd_data_restrictions = reject_multi_recipient_bounce
    reject_unauth_pipelining
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_junk_command_limit = 50
smtpd_policy_service_max_idle = 3600s
smtpd_policy_service_max_ttl = 3600s
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_mynetworks
    reject_non_fqdn_sender reject_non_fqdn_recipient
    reject_unknown_recipient_domain reject_unknown_sender_domain
    permit_sasl_authenticated reject_unauth_destination
    reject_invalid_hostname reject_unlisted_sender
    reject_unlisted_recipient
    check_recipient_access hash:$filter/verbotene_empfaenger
    check_client_access pcre:$filter/dynip
    check_client_access proxy:mysql:$mysql/client_access.cf
    check_sender_access proxy:mysql:$mysql/sender_access.cf
    check_sender_mx_access hash:$filter/wildcard_mx
    check_sender_mx_access cidr:$filter/bogon_networks.cidr
    check_policy_service inet:127.0.0.1:12525
    check_policy_service inet:127.0.0.1:10031
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = mail.server1.art-domains.de
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = $certs/postfix_public_cert.pem
smtpd_tls_key_file = $certs/postfix_private_key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 7200s
smtpd_use_tls = yes
strict_mime_encoding_domain = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/confixx_virtualUsers,
    hash:/etc/postfix/confixx_localDomains
master.cf
smtp inet n - n - 1 postscreen
  -o myhostname=server1.art-domains.de
smtpd pass - - n - 1 smtpd
  -o receive_override_options=no_address_mappings
  -o smtp_send_xforward_command=yes
  -o content_filter=lmtp-amavis:[127.0.0.1]:10024
  -o smtp_bind_address=127.0.0.1
195.137.213.14:submission inet n - - 0 - smtpd
  -o myhostname=server1.art-domains.de
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=$submission_smtpd_recipient_restrictions
  -o content_filter=lmtp-amavis:[127.0.0.1]:10026
  -o smtp_bind_address=127.0.0.1
  -o anvil_rate_time_unit=120s
195.137.213.14:smtp inet n - - 0 - smtpd
  -o myhostname=server1.art-domains.de
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=$submission_smtpd_recipient_restrictions
  -o content_filter=lmtp-amavis:[127.0.0.1]:10026
  -o smtp_bind_address=127.0.0.1
  -o anvil_rate_time_unit=120s
lmtp-amavis unix - - - - 6 lmtp
  -o lmtp_data_done_timeout=1200s
  -o lmtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
  ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop
  -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
  ${nexthop} ${user} ${extension}
scache unix - - - - 1 scache
discard unix - - - - - discard
tlsmgr unix - - - 1000? 1 tlsmgr
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
--
Kind regards,
Jim Knuth
P.S.: Please do NOT send HTML mails!
#####
Random quote:
Whoever writes in blood and aphorisms does not want to be read,
but to be learned by heart. [Nietzsche]
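
The question quoted above (how mail reaches Amavis and how the policy_bank is invoked) can be checked mechanically. The following is an added example, not part of the original message: it maps each content_filter port in master.cf to the amavisd policy bank bound to that port through $interface_policy and reports whether the bank sets originating => 1. The master.cf lines are taken from the post; the amavisd.conf excerpt is constructed, since the post does not include that file.

```python
import re

# master.cf lines as posted above (continuation lines indented).
MASTER_CF = """\
smtpd pass - - n - 1 smtpd
  -o content_filter=lmtp-amavis:[127.0.0.1]:10024
195.137.213.14:submission inet n - - 0 - smtpd
  -o content_filter=lmtp-amavis:[127.0.0.1]:10026
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
"""

# Constructed amavisd.conf excerpt (assumption: the real file is not in the post).
AMAVISD_CONF = """\
$inet_socket_port = [10024, 10026];
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
  originating => 1,
};
"""

def filter_ports(master_cf):
    """Map each master.cf service to the port its content_filter points at."""
    ports, service = {}, None
    for line in master_cf.splitlines():
        if line and not line[0].isspace() and not line.startswith("#"):
            service = line.split()[0]          # new service entry starts in column 0
        m = re.search(r"content_filter=\S*:(\d+)\s*$", line)
        if m and service:
            ports[service] = m.group(1)        # empty content_filter= is skipped
    return ports

def originating_ports(amavisd_conf):
    """Ports whose $interface_policy names a bank that sets originating => 1."""
    bound = dict(re.findall(r"\$interface_policy\{'(\d+)'\}\s*=\s*'(\w+)'", amavisd_conf))
    flagged = set()
    # Heuristic: assumes policy bank bodies contain no nested braces.
    for name, body in re.findall(r"\$policy_bank\{'(\w+)'\}\s*=\s*\{(.*?)\};", amavisd_conf, re.S):
        if re.search(r"\boriginating\s*=>\s*1\b", body):
            flagged.add(name)
    return {port for port, bank in bound.items() if bank in flagged}

def signing_report(master_cf, amavisd_conf):
    """service -> True if its filter port reaches a bank marked as originating."""
    ok = originating_ports(amavisd_conf)
    return {svc: port in ok for svc, port in filter_ports(master_cf).items()}

if __name__ == "__main__":
    for svc, flagged in signing_report(MASTER_CF, AMAVISD_CONF).items():
        print(f"{svc}: originating={'yes' if flagged else 'NO'}")
```
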