使用 Dspam 时进行 Opendkim 验证

tag-icon tag-icon postfix dkim dspam
使用 Dspam 时进行 Opendkim 验证

我的 Opendkim 可以很好地签名消息,但验证失败,我猜这是因为电子邮件是从 127.0.0.1:25000 上的 Dspam 注入的,因此 Opendkim 尝试签名邮件而不是验证它

这是接收来自 Gmail 的邮件的示例:

Dec  3 13:10:58 mail postfix/smtpd[16282]: connect from mail-qy0-f169.google.com[209.85.216.169]
Dec  3 13:10:59 mail postfix/smtpd[16282]: NOQUEUE: filter: RCPT from mail-qy0-f169.google.com[209.85.216.169]: <[email protected]>: Recipient address triggers FILTER smtp-dspam:[127.0.0.1]:25000; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qy0-f169.google.com>
Dec  3 13:10:59 mail postfix/smtpd[16282]: 997C03FF20: client=mail-qy0-f169.google.com[209.85.216.169]
Dec  3 13:10:59 mail postfix/cleanup[16290]: 997C03FF20: message-id=<[email protected]>
Dec  3 13:10:59 mail opendkim[15867]: 997C03FF20: mail-qy0-f169.google.com [209.85.216.169] not internal
Dec  3 13:10:59 mail opendkim[15867]: 997C03FF20: not authenticated
Dec  3 13:10:59 mail opendkim[15867]: 997C03FF20: no signature data

我认为在 dspam 之前使用 dkim 可以解决问题,但我不知道如何解决?

这是我的 Postfix 配置:

主配置文件:

smtpd_recipient_restrictions =  check_recipient_access pcre:/etc/postfix/dspam_filter
                                permit_mynetworks
                                permit_sasl_authenticated
                                reject_non_fqdn_recipient
                                reject_non_fqdn_sender
                                reject_non_fqdn_helo_hostname
                                reject_invalid_helo_hostname
                                reject_unknown_sender_domain
                                reject_unknown_recipient_domain
                                reject_unlisted_recipient
                                reject_unlisted_sender
                                reject_unauth_destination
                                #reject_rbl_client bl.spamcop.net
                                #reject_rbl_client zen.spamhaus.org
                                check_recipient_access pcre:/etc/postfix/dspam_filter_rejectexternal
                                check_sender_access pcre:/etc/postfix/dspam_filter_rejectexternal
                                permit

milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891

master.cf:

localhost:25001 inet    n       -       -       -       -       smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

答案1

位于您的receive_override_options末尾的no_milters选项告诉Postfix在邮件重新注入后不要使用milters。这通常用于在使用内容过滤器时阻止OpenDKIM对邮件进行两次签名。

您的问题说 DSpam 正在向 25000 注入,但您的 master.cf 设置为 25501。哪一个是正确的?

相关内容