Hi,
Is there a possibility to provide outgoing mails with a DKIM signature only for a certain login - sender domain combination?
The background to this is: With the sender_maps it is possible to allow different senders for a login.
The mail may only be signed for those where the login and sender domain match.
Thanks,
André
|
On 19 Nov 2020, at 5:44, [hidden email] wrote:
> Hi, Is there a possibility to provide outgoing mails with a DKIM > signature only for a certain login - sender domain combination? The > background to this is: With the sender_maps it is possible to allow > different senders for a login. The mail may only be signed for those > where the login and sender domain match. Thanks, André Because Postfix does not implement DKIM signing itself, the answer is dependent on what software you use for DKIM signing. If your signing is done in a milter, Postfix cannot select which mail is signed and which is not. That must be done in the milter itself. For example, I work with systems that use the MIMEDefang milter for signing (using the Perl Mail::DKIM module) where the decision of whether and how to sign mail is made based on the sender. -- Bill Cole [hidden email] or [hidden email] (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire |
Am 19.11.2020 um 15:44 schrieb Bill Cole:
> On 19 Nov 2020, at 5:44, [hidden email] wrote: > >> Hi, Is there a possibility to provide outgoing mails with a DKIM >> signature only for a certain login - sender domain combination? The >> background to this is: With the sender_maps it is possible to allow >> different senders for a login. The mail may only be signed for those >> where the login and sender domain match. Thanks, André > > Because Postfix does not implement DKIM signing itself, the answer is > dependent on what software you use for DKIM signing. If your signing > is done in a milter, Postfix cannot select which mail is signed and > which is not. That must be done in the milter itself. For example, I > work with systems that use the MIMEDefang milter for signing (using > the Perl Mail::DKIM module) where the decision of whether and how to > sign mail is made based on the sender. > As a milter I use OpenDKIM. The user is not transferred to the milter itself, so I have no way of deciding what should be signed there. Only Postfix knows the user, so a decision would have to be made already there what is passed on to the milter and what is not. |
>>On 19 Nov 2020, at 5:44, [hidden email] wrote:
>>>Hi, Is there a possibility to provide outgoing mails with a DKIM >>>signature only for a certain login - sender domain combination? The >>>background to this is: With the sender_maps it is possible to allow >>>different senders for a login. The mail may only be signed for those >>>where the login and sender domain match. Thanks, André >Am 19.11.2020 um 15:44 schrieb Bill Cole: >>Because Postfix does not implement DKIM signing itself, the answer is >>dependent on what software you use for DKIM signing. If your signing >>is done in a milter, Postfix cannot select which mail is signed and >>which is not. That must be done in the milter itself. For example, I >>work with systems that use the MIMEDefang milter for signing (using >>the Perl Mail::DKIM module) where the decision of whether and how to >>sign mail is made based on the sender. On 22.11.20 09:07, [hidden email] wrote: >As a milter I use OpenDKIM. The user is not transferred to the milter >itself, so I have no way of deciding what should be signed there. Only >Postfix knows the user, so a decision would have to be made already >there what is passed on to the milter and what is not. domains are signed, not users. If you want to verify user matches login, you can use smtpd_sender_login_maps and reject*sender_login_mismatch directives. That way, users won't be allowed to send from addresses they don't have enabled. you can make only some senders signed, by putting their addresses to access map with a FILTER: destination: http://www.postfix.org/access.5.html However, since signing is based on From: address and directives above use envelope address (mail from:), you should verify that they match before you sign. -- Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK] |
Free forum by Nabble | Edit this page |