Opendkim verification when using Dspam

Question

I have Opendkim working well for signing messages but verification fail, I guess that's because emails are injected from Dspam on 127.0.0.1:25000 so Opendkim try to sign the mail instead of verifying it

This is an exemple when receiving a mail from gmail :

Dec  3 13:10:58 mail postfix/smtpd[16282]: connect from mail-qy0-f169.google.com[209.85.216.169]
Dec  3 13:10:59 mail postfix/smtpd[16282]: NOQUEUE: filter: RCPT from mail-qy0-f169.google.com[209.85.216.169]: <XXX@YYY.com>: Recipient address triggers FILTER smtp-dspam:[127.0.0.1]:25000; from=<YYY@gmail.com> to=<XXX@YYY.com> proto=ESMTP helo=<mail-qy0-f169.google.com>
Dec  3 13:10:59 mail postfix/smtpd[16282]: 997C03FF20: client=mail-qy0-f169.google.com[209.85.216.169]
Dec  3 13:10:59 mail postfix/cleanup[16290]: 997C03FF20: message-id=<AANLkTinFdJWRNk3V+u8Q9+6PQ9PR-+JERwJuerYrWCoc@mail.gmail.com>
Dec  3 13:10:59 mail opendkim[15867]: 997C03FF20: mail-qy0-f169.google.com [209.85.216.169] not internal
Dec  3 13:10:59 mail opendkim[15867]: 997C03FF20: not authenticated
Dec  3 13:10:59 mail opendkim[15867]: 997C03FF20: no signature data

I think having dkim before dspam would solve the problem but I don't see how ?

this is my Postfix conf :

main.cf :

smtpd_recipient_restrictions =  check_recipient_access pcre:/etc/postfix/dspam_filter
                                permit_mynetworks
                                permit_sasl_authenticated
                                reject_non_fqdn_recipient
                                reject_non_fqdn_sender
                                reject_non_fqdn_helo_hostname
                                reject_invalid_helo_hostname
                                reject_unknown_sender_domain
                                reject_unknown_recipient_domain
                                reject_unlisted_recipient
                                reject_unlisted_sender
                                reject_unauth_destination
                                #reject_rbl_client bl.spamcop.net
                                #reject_rbl_client zen.spamhaus.org
                                check_recipient_access pcre:/etc/postfix/dspam_filter_rejectexternal
                                check_sender_access pcre:/etc/postfix/dspam_filter_rejectexternal
                                permit

milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891

master.cf :

localhost:25001 inet    n       -       -       -       -       smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

score 1 · Answer 1 · answered Aug 08 '11 at 04:34

1

The no_milters option at the end of your receive_override_options is telling Postfix not to use milters after the mail is re-injected. That's usually used to stop OpenDKIM from signing a mail twice when using a content filter.

Your question says DSpam is injecting on 25000, but your master.cf is set up for 25501. Which one is accurate?

answered Aug 08 '11 at 04:34

SteveJ

482
1
7
13

my mistake, DSPAM receives on 25000 and inject on 25001 – user62555 Aug 09 '11 at 08:10

Opendkim verification when using Dspam

1 Answers1