[Rspamd-Users] rspamd DKIM, Mimecast and Content-Encoding

Darrin Smart darrin at filmlight.ltd.uk
Wed Oct 23 07:36:27 UTC 2024 


> On Oct 21, 2024, at 10:44 PM, Florian Effenberger <florian at effenberger.org> wrote:
> 
> Do you by any chance have the Postfix config snippets at hand, so I could reuse them?

Here's some info from our setup. Keep in mind this is just my implementation, there could well be better ways to handle it now. We are running an old Postfix (2.10.1).

From /etc/postfix/main.cf:

multi_instance_directories = /etc/postfix-out
multi_instance_enable = yes
relayhost = [localhost]:10029
smtpd_milters = inet:localhost:11332

From /etc/postfix-out/main.cf:

smtpd_discard_ehlo_keywords = 8bitmime
smtpd_milters = unix:/run/opendkim/opendkim-out.socket, unix:/run/openarc/openarc.socket
smtpd_recipient_restrictions = permit_mynetworks, reject

From /etc/postfix-out/master.cf:

localhost:10029      inet  n       -       n       -       -       smtpd


The idea is to use Postfix's multi-instance functionality to run two Postfix servers, the main one configured in /etc/postfix and the outbound one in /etc/postfix-out. This latter server is set up to drop 8bitmime support, and listen on localhost:10029 for smtp connections. It only task is to sign mail and forwards it out to the internet. It uses OpenDKIM and OpenARC milters to do the signing.

The main Postfix instance is what listens on port 25 for incoming mail for the internet, port 465/587 for MUA submission etc. It has a relayhost configured which directs anything not delivered locally to the postfix-out instance. It uses rspamd for incoming mail via localhost:11332.

You mentioned the 'force_mime_input_conversion' parameter. This might be better with newer Postfix versions:

Perhaps enable it in main.cf but override it in master.cf for connections on port 25, so that incoming mail from the internet is *not* converted to 7-bit, but everything else is. Then I expect you could use a single Postfix instance and probably use rspamd to sign as well as check DKIM signatures.

Ah, like this: https://www.mail-archive.com/postfix-users@postfix.org/msg99986.html

Hope this helps.

Darrin

More information about the Users mailing list