Re: postfix / dkim: no signature for emails submitted through ssh tunnel
- Finally, after an interesting discussion over this issue on opendkim-users, I've been able to google my way out, with a solution from Wietse:
On 17 mars 2013, at 14:51, patrick.proniewski@... wrote:
> On 17 mars 2013, at 00:38, Noel Jones wrote:
>> On 3/16/2013 2:51 PM, patrick.proniewski@... wrote:
>>> I have a small problem with my postfix/dkim setup:
>>> - dkim properly sign every emails I send via my webmail frontend, crontab, or the mail command from the server.
>>> - dkim won't sign emails I send from my workstation to my server via an ssh tunnel.
>> Have you tried submitting mail from 127.0.0.1 via SMTP without the
>> tunnel? I'm guessing that doesn't work either, meaning the question
>> can be rephrased "works from non-smtpd, doesn't work with smtpd".
> I tried to telnet a mail, but DKIM won't sign it. Looks like you are right.
>>> main.cf reads:
>>> smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock inet:127.0.0.1:8891
>>> non_smtpd_milters = inet:127.0.0.1:8891
>> You should check your "postconf -n" output to see if it contains
>> these same settings. The list welcome message asks for "postconf
>> -n" output, not main.cf snippings.
> postconf -n appears to be correct (in a previous message).
>> Assuming your dkim milter is on inet:127.0.0.1:8891, it appears to
>> be included in both smtpd and non-smtpd mail.
> it is.
>> Since it's not working with smtpd mail, that strongly suggests a
>> configuration problem with your dkim milter. Check your dkim
>> configuration to make sure mail from localhost will be signed.
> I've suspected a conflict or interaction between milter-greylist and milter-opendkim, but disabling milter-greylist wouldn't change anything.
> I'll check on the opendkim config side, but out of the box it's supposed to sign everything from localhost, and I've added every IP addresses of the server.
> May be there's something on the MACRO side of the problem, not sure.