Open Safari77 opened 8 years ago
Cert subject might be set up by a remote connection as well if it is trusted (e.g. by means of DANE or PKI). Hence, this value cannot be used. Moreover, the auth_ssf macro that specifies some mystery 'encryption bits' by sendmail is not present in Postfix. Therefore, I see no way to solve your problem without deep patching of the MTA. The only thing I do is to set up a special map of IP networks for which all mail should be signed regardless of authentication.
I had the same problem – took me some time to figure out that I could try auth_only = no;
Logging would be appreciated
There is now an option called sign_networks which is intended to contain IPs or networks for which rmilter should perform DKIM signing.
with "auth_only = yes", rmilter does not add dkim in these cases:
1) user connects to postfix submission port and authenticates using certificate
2) local user executes /usr/sbin/sendmail.postfix (e.g., using mutt)

For 1), can a feature in rmilter be implemented that checks {cert_subject}, since postfix does not write {auth_authen} into milter? I have allowed only postfix to access rmilter at 127.0.0.1:6666.

2) ... this sucks, milter protocol sucks