Generic Rewrite breaks DKIM

D

DrSleez

Member
Jan 12, 2022
7
0
6
27
Hello dear forum,
I have a small problem and was wondering if there is an elegant solution for it. When we send emails through our PMG cluster, they are rewritten by Postfix (generic). The "From" address is changed from "intern1@foo.bar" to "extern@foo.bar". Unfortunately, we have noticed that the DKIM signature is set before the change. As a result, it is invalid when it reaches the recipient and sometimes the emails do not get delivered.
I have read about various solutions where hooks are added in the master file or multiple instances of Postfix are used. Since I couldn't quickly find out how PMG adds the DKIM signatures, I wanted to know if anyone here has an idea for a solution.
Best regards,
Sleez
 
DrSleez said:
hey are rewritten by Postfix (generic). The "From" address is changed from "intern1@foo.bar" to "extern@foo.bar".
Click to expand...
How exactly does this rewrite happen? - In PMG - if yes how is the config adapted for this? if no - then there's little PMG can do about rewrites happening after the mail left PMG - you can maybe switch things around so that PMG comes afterwards and does the signing then
 
The rewrite happens through the generic map (See postfix documentation) or through Canonical Maps. So I would need to find a way to hook the processing of the PMG "Magic" after the header has been rewritten in the cleanup process. Atleast that is my thinking now and I could be totally wrong or thinking too complex.
 
DrSleez said:
he rewrite happens through the generic map (See postfix documentation) or through Canonical Maps. So I would need to find a way to hook the processing of the PMG "Magic" after the header has been rewritten in the cleanup process. Atleast that is my thinking now and I could be totally wrong or thinking too complex.
Click to expand...
please share the adapted configuration.
Do you have before-queue filtering enabled (I guess this might change the information that PMG has available, and your options).
You could do the rewriting in a dedicated postfix before sending the mail to PMG
Maybe you could also do this on the PMG machine, by creating another smtpd instance that does this in the master.cf.in, which then sends the mail on to the inbound listener of PMG - but this is nothing we would support officially (and we can only provide limited help here)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back