1 Topic by mat.marius (edited by mat.marius 2021-05-05 23:43:30)

  • mat.marius
  • Member
  • Offline
  • Registered: 2020-10-06
  • Posts: 4

Topic: amavisd not signing emails without authentication

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.1 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer?: downloadable installer
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello guys, do you know why amavis in not signing emails that are being relayed by iredmail or if is a way to sign them too ?
I 'm using iredmail also for relaying for a few local printers.
Thanks for any help.
--Marius

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,787

Re: amavisd not signing emails without authentication

Could you please turn on debug mode in Amavisd and show us related log lines?
FYI: https://docs.iredmail.org/debug.amavisd.html

3 Reply by mat.marius

  • mat.marius
  • Member
  • Offline
  • Registered: 2020-10-06
  • Posts: 4

Re: amavisd not signing emails without authentication

to make a difference this is the mail.log with authentication and I get the dkim signature correctly

https://pastebin.com/Xjt3wdb0

and this is without authentication

https://pastebin.com/2DiUsFEQ

In order to relay the I've added the client IP in /etc/postfix/main.cf -- mynetworks option

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,787

Re: amavisd not signing emails without authentication

mat.marius wrote:

In order to relay the I've added the client IP in /etc/postfix/main.cf -- mynetworks option

Try to add this IP to Amavisd config file /etc/amavis/conf.d/50-user, parameter "@mynetworks =".

We have this policy bank in amavisd by default, it signs DKIM signature for trusted networks:

$policy_bank{'MYNETS'} = {
    originating => 1,
    ...
    enable_dkim_signing => 1,
};

5 Reply by mat.marius (edited by mat.marius 2021-05-11 00:51:26)

  • mat.marius
  • Member
  • Offline
  • Registered: 2020-10-06
  • Posts: 4

Re: amavisd not signing emails without authentication

I do  see a change but I get a DKIM failed from gmail or yahoo.
See the complete logs :
https://pastebin.com/sUKq8FqF

Gmail sais
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (bad format)

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,787

Re: amavisd not signing emails without authentication

It says "bad format". Do other email vendors report similar error? Maybe you should re-generate the DKIM key and publish again?