[Postfixbuch-users] Signing with DKIM does not work

Jim Knuth jk at jkart.de
Fri Feb 25 16:50:51 CET 2011


On 25.02.11 16:26, Kai Fürstenberg <kai_postfix at fuerstenberg.ws> wrote:

> On 25.02.2011 16:10, Jim Knuth wrote:
>> On 25.02.11 15:59, Kai Fürstenberg <kai_postfix at fuerstenberg.ws> wrote:
>>
>>> Hello,
>>>
>>> On 25.02.2011 15:17, Jim Knuth wrote:
>>>> There is also a policy_bank in amavisd.conf
>>>>
>>>> Please enlighten me and tell me whether I still need to provide
>>>> anything. Thanks.
>>>
>>> Check the following:
>>>
>>> $enable_dkim_signing = 1;
>>> dkim_key(); #(fill in accordingly)
>>
>> $enable_dkim_verification = 1;
>> $enable_dkim_signing = 1;
>>
>> dkim_key('server1.art-domains.de', 'main',
>> '/var/lib/amavis/dkim/dkim-key.pem');
>> @dkim_signature_options_bysender_maps = (
>>       { '.' =>  { ttl =>  21*24*3600, c =>  'relaxed/simple' } } );
>>
>>>
>>> In addition, your own domains must be treated as local.
>>> @local_domains_maps #(fill in accordingly)
>>
>> @local_domains_maps = ( read_hash("$MYHOME/local_domains") );
>>
>> and it is listed THERE (in local_domains) as well
>>
>>>
>>> In the policy_bank:
>>> $originating=1;
>>
>> that is the case
>>
>>>
>>> Otherwise the Amavis config would be very helpful.
>>
>> the above is really the only relevant part, isn't it?
>
> What is relevant is primarily "$originating" and "@local_domains_maps".
>
> How do you submit the mails, how do they get to Amavis, and how is
> the policy_bank invoked?
>

Hmm, so you probably need postconf -n and the master.cf?

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_bcc = web1p5
biff = no
body_checks = regexp:$filter/body_checks.regexp
bounce_queue_lifetime = 3d
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
default_privs = mail
delay_warning_time = 3h
disable_vrfy_command = yes
header_checks = regexp:$filter/header_checks.regexp pcre:$filter/header_checks.pcre
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 77.236.98.239, 127.0.0.1
local_destination_concurrency_limit = 1
local_header_rewrite_clients =
local_recipient_maps = proxy:unix:passwd.byname
mail_name = Postfix-Amavis
mail_owner = postfix
mailbox_command = /usr/bin/procmail -t /etc/procmailrc
mailbox_size_limit = 102400000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 3d
message_size_limit = 51200000
mime_header_checks = pcre:$filter/mime_header_checks
mydestination = $myhostname
myhostname = server1.art-domains.de
mynetworks = 127.0.0.0/8
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_dnsbl_action = drop
postscreen_dnsbl_sites = black.uribl.com zen.spamhaus.org bl.spamcop.net dnsbl.njabl.org ix.dnsbl.manitu.net
postscreen_dnsbl_threshold = 2
postscreen_greet_action = drop
postscreen_helo_required = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_action = drop
postscreen_pipelining_enable = yes
proxy_read_maps = proxy:mysql:$mysql/client_access.cf proxy:mysql:$mysql/sender_access.cf proxy:unix:passwd.byname
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
remote_header_rewrite_domain =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_bind_address = 77.236.98.239
smtp_connect_timeout = 90s
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 100
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100
smtpd_data_restrictions = reject_multi_recipient_bounce reject_unauth_pipelining
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_junk_command_limit = 50
smtpd_policy_service_max_idle = 3600s
smtpd_policy_service_max_ttl = 3600s
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unknown_sender_domain permit_sasl_authenticated reject_unauth_destination reject_invalid_hostname reject_unlisted_sender reject_unlisted_recipient check_recipient_access hash:$filter/verbotene_empfaenger check_client_access pcre:$filter/dynip check_client_access proxy:mysql:$mysql/client_access.cf check_sender_access proxy:mysql:$mysql/sender_access.cf check_sender_mx_access hash:$filter/wildcard_mx check_sender_mx_access cidr:$filter/bogon_networks.cidr check_policy_service inet:127.0.0.1:12525 check_policy_service inet:127.0.0.1:10031
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = mail.server1.art-domains.de
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = $certs/postfix_public_cert.pem
smtpd_tls_key_file = $certs/postfix_private_key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 7200s
smtpd_use_tls = yes
strict_mime_encoding_domain = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains

master.cf

smtp     inet  n       -       n       -       1       postscreen
     -o myhostname=server1.art-domains.de

smtpd     pass  -       -       n       -       1     smtpd
     -o receive_override_options=no_address_mappings
     -o smtp_send_xforward_command=yes
     -o content_filter=lmtp-amavis:[127.0.0.1]:10024
     -o smtp_bind_address=127.0.0.1

195.137.213.14:submission inet n      -       -       0       -       smtpd
     -o myhostname=server1.art-domains.de
     -o smtpd_sasl_auth_enable=yes
     -o receive_override_options=no_address_mappings
     -o smtpd_recipient_restrictions=$submission_smtpd_recipient_restrictions
     -o content_filter=lmtp-amavis:[127.0.0.1]:10026
     -o smtp_bind_address=127.0.0.1
     -o anvil_rate_time_unit=120s

195.137.213.14:smtp inet n      -       -       0       -       smtpd
     -o myhostname=server1.art-domains.de
     -o smtpd_sasl_auth_enable=yes
     -o receive_override_options=no_address_mappings
     -o smtpd_recipient_restrictions=$submission_smtpd_recipient_restrictions
     -o content_filter=lmtp-amavis:[127.0.0.1]:10026
     -o smtp_bind_address=127.0.0.1
     -o anvil_rate_time_unit=120s

lmtp-amavis unix -  -   -       -       6  lmtp
         -o lmtp_data_done_timeout=1200s
         -o lmtp_send_xforward_command=yes
         -o disable_dns_lookups=yes

127.0.0.1:10025 inet n  -       n       -       -  smtpd
         -o content_filter=
         -o smtpd_data_restrictions=reject_unauth_pipelining
         -o smtpd_authorized_xforward_hosts=127.0.0.0/8
         -o local_recipient_maps=
         -o relay_recipient_maps=
         -o smtpd_restriction_classes=
         -o smtpd_client_restrictions=permit_mynetworks,reject
         -o smtpd_helo_restrictions=
         -o smtpd_sender_restrictions=
         -o smtpd_recipient_restrictions=permit_mynetworks,reject
		-o mynetworks=127.0.0.0/8

		dnsblog   unix  -       -       n       -       0       dnsblog
		tlsproxy  unix  -       -       n       -       0       tlsproxy
		pickup    fifo  n       -       -       60      1       pickup
		cleanup   unix  n       -       -       -       0       cleanup
		qmgr      fifo  n       -       -       300     1       qmgr
		rewrite   unix  -       -       -       -       -       trivial-rewrite
		bounce    unix  -       -       -       -       0       bounce
		defer     unix  -       -       -       -       0       bounce
		trace     unix  -       -       -       -       0       bounce
		verify    unix  -       -       -       -       1       verify
		flush     unix  n       -       -       1000?   0       flush
		proxymap  unix  -       -       n       -       -       proxymap
		smtp      unix  -       -       -       -       -       smtp
		relay     unix  -       -       -       -       -       smtp
		showq     unix  n       -       -       -       -       showq
		error     unix  -       -       -       -       -       error
		local     unix  -       n       n       -       -       local
		virtual   unix  -       n       n       -       -       virtual
		lmtp      unix  -       -       n       -       -       lmtp
		anvil     unix  -       -       n       -       1       anvil

		maildrop  unix  -       n       n       -       -       pipe
		  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
		uucp      unix  -       n       n       -       -       pipe
		  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
		ifmail    unix  -       n       n       -       -       pipe
		  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
		bsmtp     unix  -       n       n       -       -       pipe
		  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
		scalemail-backend unix  -       n       n       -       2       pipe
		  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
		
		scache     unix -       -       -       -       1       scache
		discard    unix -       -       -       -       -       discard
		tlsmgr     unix -       -       -       1000?   1       tlsmgr
		retry      unix -       -       n       -       -       error
		proxywrite unix -       -       n       -       1       proxymap



-- 
Kind regards,
Jim Knuth

P.S.: Please do NOT send HTML mails!

#####
Random quote:
Whoever writes in blood and aphorisms does not want to be read,
but to be learned by heart. [Nietzsche]
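
Added example, not part of the original post: the question quoted above is which route each mail takes into amavisd and which policy bank that route selects. The sketch joins master.cf continuation lines, extracts the content_filter port per service and checks it against a port-to-bank mapping. The sample is trimmed from the master.cf above; `INTERFACE_POLICY` and `ORIGINATING_BANKS` are hypothetical stand-ins for what amavisd.conf would define, which the post does not show.

```python
import re

# Constructed sample: three services trimmed from the master.cf in the post.
MASTER_CF = """\
smtpd     pass  -       -       n       -       1     smtpd
     -o receive_override_options=no_address_mappings
     -o content_filter=lmtp-amavis:[127.0.0.1]:10024
195.137.213.14:submission inet n      -       -       0       -       smtpd
     -o smtpd_sasl_auth_enable=yes
     -o content_filter=lmtp-amavis:[127.0.0.1]:10026
127.0.0.1:10025 inet n  -       n       -       -  smtpd
         -o content_filter=
"""

# Assumption (not shown in the post): amavisd port -> policy bank, as
# $interface_policy would bind it, and the banks that set originating => 1.
INTERFACE_POLICY = {10026: "ORIGINATING"}
ORIGINATING_BANKS = {"ORIGINATING"}

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) to their service line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def filter_ports(text):
    """Map service name -> port in its content_filter override (None if empty)."""
    result = {}
    for line in logical_lines(text):
        match = re.search(r"-o\s+content_filter=(\S*)", line)
        if match is None:
            continue  # service inherits content_filter from main.cf
        port = re.search(r":(\d+)$", match.group(1))
        result[line.split()[0]] = int(port.group(1)) if port else None
    return result

def signing_report(text):
    """Map service name -> True if its amavisd port selects an originating bank."""
    return {service: INTERFACE_POLICY.get(port) in ORIGINATING_BANKS
            for service, port in filter_ports(text).items()}
```

With the assumed mapping, only the service that hands mail to port 10026 is reported as originating; a service whose port has no policy bank bound to it shows up as `False`.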


