Configure postfix to DKIM-sign emails generated from the system
My web hosting server features a Postfix setup up and running. That postfix is also open with STARTTLS
on port 587 for authorized users (only me, myself and I right now) to send emails to any domain after signing it with DKIM.
Every email I send via Outlook authenticating myself is fine. All DMARC reports display no error. The problem is when web applications send email via that Postfix.
Since I use Apache's mod-itk
for PHP hosting, all emails are generated by [email protected]
and submitted to Postfix via standard means (sendmail???).
But in that way they are not DKIM-signed. Consider the following:
$ mail [email protected]
Subject: Test DKIM
Hello
.
EOT
Port25 responded:
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
Postfix logs don't show dkimproxy
interaction.
Before posting my configuration, let's repeat the situation and ask the question.
Currently, when I send an email via SMTP/TLS on port 587 it gets DKIM-signed. When a process on the server sends an email using mail
command or PHP builtin mail function, the mail dorsn't get signed by dkimproxy.
The question is: how to sign every email coming from the server itself with dkimproxy
?
Configuration is pasted to http://pastebin.ca/2374363. Please note that I have only dkimproxy.out
enabled for the moment
You added dkim SIGNING to submission port only.
Postfix handles smtp separatly submission from pickup (mails submited by sendmail command are entering postfix via pickup)
In postfix You should use dkim milter in main.cf
smtpd_milters = inet:localhost:10027
non_smtpd_milters = inet:localhost:10027
First line is for SMTP submission (port 587)
Second line is for mails entering via pickup
One thing to note is that bounce messages and NDR reports generated internally by postfix will not be DKIM signed
Reference http://www.postfix.org/MILTER_README.html