doc:appunti:linux:sa:postfix_opendkim
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
doc:appunti:linux:sa:postfix_opendkim [2022/05/12 13:04] – [Configure Postfix] niccolo | doc:appunti:linux:sa:postfix_opendkim [2023/10/31 11:06] (current) – [OpenDKIM on Postfix with virtual domains] niccolo | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== OpenDKIM on Postfix with virtual domains ====== | ====== OpenDKIM on Postfix with virtual domains ====== | ||
- | In this article | + | In this tutorial |
< | < | ||
apt install opendkim opendkim-tools | apt install opendkim opendkim-tools | ||
</ | </ | ||
+ | |||
+ | In Debian 11 Bullseye the service is controlled (enable, start, stop, etc.) by Systemd: | ||
+ | |||
+ | < | ||
+ | systemctl status opendkim.service | ||
+ | </ | ||
+ | |||
+ | Because Postfix is running into a chroot, it cannot access the ''/ | ||
+ | |||
+ | < | ||
+ | Socket | ||
+ | </ | ||
+ | |||
+ | The same daemon is used both for signing and verifying. Signing is performed when the client connecting to the MUA is authenticated and the **From:** address matches the domains to be signed (see the command line option **%%-d%%** or the **SigningTable** option of the ''/ | ||
===== Create the keys in / | ===== Create the keys in / | ||
Line 45: | Line 59: | ||
</ | </ | ||
- | ===== Add the domain to be signed ===== | + | ===== Add the domain |
Into the file **/ | Into the file **/ | ||
Line 53: | Line 67: | ||
</ | </ | ||
- | **NOTICE**: The use of the wildcard to indicate all the mails from a domain, the // | + | **NOTICE**: The use of the wildcard |
Remember to reload OpenDKIM after changing the **signingtable**: | Remember to reload OpenDKIM after changing the **signingtable**: | ||
Line 63: | Line 77: | ||
===== Configure OpenDKIM ===== | ===== Configure OpenDKIM ===== | ||
- | Into the **/ | + | Into the **/ |
< | < | ||
Line 102: | Line 116: | ||
===== Configure Postfix ===== | ===== Configure Postfix ===== | ||
- | To tell Postfix to use the mail filter provided by OpenDKIM, we use the **non_smtpd_milters** option | + | Message signing with OpenDKIM |
+ | |||
+ | Using the **non_smtpd_milters** directive we may add DKIM for locally generated mails, i.e. local submissions via sendmail command line, submissions to the **qmqpd**, ([[wp> | ||
+ | |||
+ | Using custom settings in **/ | ||
< | < | ||
- | # Locally generated mails are filtered with OpenDKIM. | + | submission inet n |
+ | -o syslog_name=postfix/ | ||
+ | -o smtpd_tls_security_level=encrypt | ||
+ | -o smtpd_sasl_auth_enable=yes | ||
+ | -o smtpd_tls_auth_only=yes | ||
+ | -o smtpd_client_restrictions=permit_sasl_authenticated, | ||
+ | -o smtpd_milters=$mua_milters | ||
+ | -o smtpd_sender_restrictions=$mua_sender_restrictions | ||
+ | -o smtpd_relay_restrictions=$mua_relay_restrictions | ||
+ | </ | ||
+ | |||
+ | Having done this, we define the custom **mua_milters** directive in '' | ||
+ | |||
+ | < | ||
+ | # Locally generated mails (e.g. from command line Mutt) are filtered with OpenDKIM. | ||
non_smtpd_milters = inet: | non_smtpd_milters = inet: | ||
- | # Mails received via SMTP protocol are filtered with OpenDKIM. | + | |
- | # This does not include | + | # Mails received via SMTP protocol are filtered with OpenDKIM; |
- | # for that use mua_milters | + | # messages created using SoGO webmail go through this milter. |
- | # | + | smtpd_milters = inet: |
+ | |||
+ | # Filters applied (as smtpd_milters) to messages received | ||
+ | mua_milters = | ||
+ | unix: | ||
+ | | ||
</ | </ | ||
- | FIXME This configuration | + | Another important Postfix setting is **milter_default_action**, |
+ | |||
+ | < | ||
+ | milter_default_action = tempfail | ||
+ | </ | ||
+ | |||
+ | ===== Logging ===== | ||
+ | |||
+ | When a message passes through the OpenDKIM filter, you get the following line into **mail.log**: | ||
+ | |||
+ | < | ||
+ | opendkim[983999]: | ||
+ | </ | ||
+ | |||
+ | If a message does not match any entry in **/ | ||
+ | |||
+ | < | ||
+ | opendkim[983999]: | ||
+ | opendkim[983999]: | ||
+ | </ | ||
===== Web References ===== | ===== Web References ===== |
doc/appunti/linux/sa/postfix_opendkim.1652353456.txt.gz · Last modified: 2022/05/12 13:04 by niccolo