Postfix and DKIM?

A

Arsen Abakarov2018-05-26 12:58:05

postfix

Arsen Abakarov, 2018-05-26 12:58:05

Postfix and DKIM?

Greetings!
I configure DKIM on the mailer, in all manuals there are such lines in the main.cf config:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = "-socket-"
non_smtpd_milters = "-socket-"
the same is in /etc/opendkim.conf:
Syslog yes
Mode sv
KeyTable file:/etc/postfix/dkim/keytable
SigningTable file:/etc/postfix/dkim/signingtable
InternalHosts file:/etc/postfix/dkim/trusted_hosts
Socket "-socket-"
PidFile /var/run/opendkim/opendkim .pid
1) I still don't understand about InternalHosts.. are these addresses for which the service will not put a signature?
2) as I understand it, with this conf, incoming letters will also be checked for me, where and what to turn off so that I only sign, but do not check?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vladimir Dubrovin, 2018-05-26
@ArsenAbakarov

InternalHosts - a list of IPs for which the DKIM signature is applied without user authentication.
It all depends on how you send emails. If you generate them locally and submit via sendmail, then it is enough to register OpenDKIM in non_smtpd_milters. If you submit them via SMTP Submission on a dedicated port (465 with SSL/TLS or 587), then it's better to write OpenDKIM's milter not in main.cf but in master.cf for the submission service on this port.
If you still send letters via SMTP, incl. through the 25th port, then yes, you need to do the configuration that you quote.
In order for DKIM to only sign and not verify the signature in opendkim.conf, you need to put
instead of
Mode sv