6

I have configured Postfix to sign my mails using OpenDKIM. (I followed this tutorial.)

Now I would like to configure Postfix to reject mails for domains that have DKIM configured when the mail lacks a proper signature (e.g. when my own domain is used as a fake sender address).

In opendkim.conf I enabled verification (Mode sv) and in Postfix main.conf I have

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301

In mail.log I found

Feb 24 19:25:10 myhost postfix/cleanup[20016]: 113623DC1119: message-id=<20140623093302970001.H132BE30.southlands@example.com>
Feb 24 19:25:10 myhost opendkim[1355]: 113623DC1119: [78.90.96.5] [78.90.96.5] not internal
Feb 24 19:25:10 myhost opendkim[1355]: 113623DC1119: not authenticated
Feb 24 19:25:10 myhost opendkim[1355]: 113623DC1119: no signature data
Feb 24 19:25:10 myhost postfix/qmgr[1791]: 113623DC1119: from=<southlands515@example.dom>, size=1981, nrcpt=1 (queue active)

So OpenDKIM seems to have noticed that this mail isn't valid, but it didn't get rejected.

3 Answers

0

I followed this:

milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
BRJMM
  • 1
0

For the DKIM proxy to actually reject an e-mail, the source domain should have a DKIM ADSP policy record set to discardable. This is a safeguard not to reject messages from domains which are not signing all the messages.

Lukasz032
  • 116
0

Add this in the file /etc/opendkim.conf

On-BadSignature reject
On-NoSignature reject

These settings apply when a signature fails to validate or a message arrives unsigned.
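To check whether the settings discussed above actually take effect, the following added example (not part of the original question or answers) scans mail.log text for messages that OpenDKIM flagged but Postfix still queued. It assumes the log layout shown in the question and short hexadecimal queue IDs; the sample lines, the "bad signature data" entry and the milter-reject entry are constructed.

```python
import re
from collections import defaultdict

# Constructed sample; the first queue ID mirrors the excerpt in the question.
SAMPLE_LOG = """\
Feb 24 19:25:10 myhost opendkim[1355]: 113623DC1119: [78.90.96.5] [78.90.96.5] not internal
Feb 24 19:25:10 myhost opendkim[1355]: 113623DC1119: no signature data
Feb 24 19:25:10 myhost postfix/qmgr[1791]: 113623DC1119: from=<southlands515@example.dom>, size=1981, nrcpt=1 (queue active)
Feb 24 19:26:02 myhost opendkim[1355]: 2F0A13DC1120: no signature data
Feb 24 19:26:02 myhost postfix/cleanup[20016]: 2F0A13DC1120: milter-reject: END-OF-MESSAGE from unknown[203.0.113.7]: 5.7.0 rejected; from=<x@example.net> to=<me@example.com> proto=ESMTP helo=<mail>
Feb 24 19:27:40 myhost opendkim[1355]: 5B7C23DC1121: bad signature data
Feb 24 19:27:40 myhost postfix/qmgr[1791]: 5B7C23DC1121: from=<billing@example.org>, size=2210, nrcpt=1 (queue active)
"""

# syslog prefix, program[pid], queue ID, message text
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[\w/-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]{6,}): (?P<msg>.*)$"
)
# OpenDKIM verdicts that mean "no valid signature on this message"
DKIM_FAIL = ("no signature data", "bad signature data")


def accepted_without_valid_dkim(log_text):
    """Return (queue_id, sender, verdict) for mail OpenDKIM flagged
    that still reached the queue manager instead of being rejected."""
    state = defaultdict(lambda: {"fail": None, "rejected": False, "sender": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        entry, prog, msg = state[m["qid"]], m["prog"], m["msg"]
        if prog == "opendkim" and msg in DKIM_FAIL:
            entry["fail"] = msg
        elif prog == "postfix/cleanup" and msg.startswith("milter-reject:"):
            entry["rejected"] = True
        elif prog == "postfix/qmgr" and msg.startswith("from=<"):
            # qmgr only logs the sender once the message has been accepted
            entry["sender"] = msg[len("from=<"):msg.index(">")]
    return [
        (qid, e["sender"], e["fail"])
        for qid, e in state.items()
        if e["fail"] and e["sender"] is not None and not e["rejected"]
    ]


if __name__ == "__main__":
    for qid, sender, verdict in accepted_without_valid_dkim(SAMPLE_LOG):
        print(f"{qid} from {sender}: queued despite '{verdict}'")
```

An empty result after a configuration change means every flagged message in the scanned log was rejected before queueing.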