[opendmarc-users] postfix implementation

[Birta Levente]

On 18/06/2013 21:36, Scott Kitterman wrote:
>
>
> Andreas Schulze <sca at andreasschulze.de> wrote:
>
>> Am 18.06.2013 16:13 schrieb Birta Levente:
>>> So how it recommended to implement with postfix?
>> 1. I define some macros in main.cf
>> spf_milter       = inet:localhost:10000
>> opendkim_milter  = inet:localhost:10001
>> opendmarc_milter = inet:localhost:10002
>> amavisd_milter   = inet:localhost:10003
>>
>> 2. I attach them to my smtpd handling inbound traffic in master.cf
>> smtpd      inet  n - - - - smtpd
>> -o
>> smtpd_milters=${spf_milter},${opendkim_milter},${opendmarc_milter},${amavisd_milter}
>>
>> submission inet  n - - - - smtpd
>> -o milter_macro_daemon_name=ORIGINATING
>>   # in opendkim.conf: MTA ORIGINATING
>> -o smtpd_milters=${amavisd_milter},${opendkim_milter}
>> -o smtpd_sasl_auth_enable=yes
>> -o syslog_name=postfix/submission
>>
>>> Maybe using amavisd-new as milter?
>> http://amavisd-milter.sourceforge.net/ runs fine!
>> I attach my policybank_patch to select different amavisd-new policy
>> banks by
>> milter_macro_daemon_name.
>>
>>> But the problem is the spf verification. Which spf milter should I
>> use?
>> I use http://sourceforge.net/projects/smfs/files/smf-spf-2.0.2.tar.gz/
>> with the attached patches it fit to my needs.
>>
>>> As I understand, I cannot use check_policy_service (with
>>> pypolicyd-spf for example) in smtpd_recipient_restrictions because
>>> is called after the milter.
>> right, postfix check_policy_service does help nothing here.
>
> Not true.


You right. It's work. Need smtpd_delay_reject = yes (BTW that's the 
default) and check_policy_service work in smtpd_recipient_restrictions.

Thank you Scott!

Levi








-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3889 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20130619/36639b67/attachment.bin>