vstakhov
commented
8 years ago Cert subject might be setup by a remote connection as well if it is trusted (e.g. by means of DANE or PKI). Hence, this value cannot be used. Moreover, the auth_ssf macro that specifies some mystery 'encryption bits' by sendmail, is not presented in Postfix. Therefore, I see no ways how to solve your problem without deep patching of MTA. The only thing I do is to setup special map of ip networks for which all mail should be signed regardless authentication.
basbebe
with "auth_only = yes", rmilter does not add dkim in these cases: 1) user connects to postfix submission port and authenticates using certificate 2) local user executes
/usr/sbin/sendmail.postfix(e.g., using mutt)For 1) , can a feature in rmilter be implemented that checks
{cert_subject}, since postfix does not write{auth_authen}into milter? I have allowed only postfix to access rmilter at 127.0.0.1:6666 .2) ... this sucks, milter protocol sucks
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.