# ---------------------------------------------------------------------------
# DKIM signing (amavisd configuration fragment)
# ---------------------------------------------------------------------------
# Signing is currently switched OFF: the last assignment below wins.
# NOTE(review): while this stays 0 the key declarations further down should
# have no signing effect -- confirm that this is intended.
# $enable_dkim_signing = 1;
$enable_dkim_signing = 0;

# turn off signing of Received
$signed_header_fields{'received'} = 0;

# One signing key per domain: (domain, selector, private key file).
# These are private keys; keep the files readable only by the account that
# amavisd runs as.
dkim_key(
    'haas-online.org', '2014082601',
    '/etc/postfix/dkim/2014082601_haas-online.org_key.pem'
);
dkim_key(
    'andere-domain.de', '2014060101',
    '/etc/postfix/dkim/andere-domain.de_key.pem'
);

# list your internal networks
@mynetworks = qw(127.0.0.0/8);

@local_domains_maps = (
    ".$mydomain",
    read_hash('/etc/postfix/virtual_domains'),
);

# Client addresses that load the ORIGINATING policy bank.
# NOTE(review): loopback is mapped to ORIGINATING here. If the MTA hands
# inbound mail to amavisd from 127.0.0.1 without passing the original client
# address (XFORWARD), inbound mail may load this bank as well and would then
# be treated as locally submitted -- verify against the MTA setup.
@client_ipaddr_policy = (
    [ qw( 0.0.0.0/8 127.0.0.1/8 [::] [::1] ) ] => 'ORIGINATING',
    \@mynetworks                               => 'ORIGINATING',
);

# Signature tags applied to every sender: ttl is 21 days expressed in
# seconds, c selects relaxed header / simple body canonicalization.
@dkim_signature_options_bysender_maps = (
    { '.' => { ttl => 21 * 24 * 3600, c => 'relaxed/simple' } },  # catchall defaults
);

# Make amavisd listen
#   on 10024/tcp for inbound mail (DKIM/SPF verify, anti-spam),
#       forwarding to 10025/tcp,
#   and on 10026/tcp for outbound mail (DKIM sign),
#       forwarding to 10027/tcp:
# Both ports should be reachable only from the MTA (see $inet_socket_bind).
$inet_socket_port = [ 10024, 10026 ];           # listen on multiple TCP ports

$forward_method = 'smtp:[127.0.0.1]:10025';     # MTA with non-signing service
$notify_method  = 'smtp:[127.0.0.1]:10027';     # MTA with signing service

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
# Everything arriving on that port is handled as our own mail, so the MTA
# must only route authenticated or internal submissions to it.
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
    # declare that mail was submitted by our smtp client
    originating       => 1,
    # enables disclaimer insertion if available
    allow_disclaimers => 1,

    # notify administrator of locally originating malware
    virus_admin_maps  => ["virusalert\@$mydomain"],
    spam_admin_maps   => ["virusalert\@$mydomain"],
    warnbadhsender    => 1,

    # forward to a smtpd service providing DKIM signing service
    forward_method    => 'smtp:[127.0.0.1]:10027',

    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],

    # allow sending any file names and types
    # Banned file name/type checks are skipped for all mail in this bank, so
    # a compromised account or internal host can send attachment types that
    # would otherwise be blocked.
    bypass_banned_checks_maps => [1],

    # don't remove NOTIFY=SUCCESS option
    terminate_dsn_on_notify_success => 0,
};