From 119f0e172f26e1333a1c8f2dd7154e513fd52790 Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 2 Feb 2026 19:43:18 +0100 Subject: [PATCH] install_postfix_advanced.sh: fix OpenDKIM/OpenDMARC handling. --- install_postfix_advanced.sh | 93 +++++++++++++++++++++++++++++++++---- 1 file changed, 84 insertions(+), 9 deletions(-) diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index 3ddad24..a4ba981 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh @@ -2994,7 +2994,7 @@ if [[ -n "$(which opendkim)" ]] || [[ -n "$(which opendmarc)" ]] ; then # ======= Milter configuration ======= -# OpenDKIM +# OpenDKIM / OpenDMARC milter_default_action = accept @@ -3011,7 +3011,23 @@ milter_protocol = 6 # localhost:10025 section in master.cf: 'smtpd_milters=' # smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map -smtpd_milters = +EOF + if [[ -n "$(which opendkim)" ]] && [[ -n "$(which opendmarc)" ]] ; then + cat <> /etc/postfix/main.cf +smtpd_milters = local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock +EOF + elif [[ -n "$(which opendkim)" ]] ; then + cat <> /etc/postfix/main.cf +smtpd_milters = local:/opendkim/opendkim.sock +EOF + else + cat <> /etc/postfix/main.cf +smtpd_milters = local:/opendmarc/opendmarc.sock +EOF + fi + + cat <> /etc/postfix/main.cf + # Was sind non_smtpd_milters? # # non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT 
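Review bot: The new `smtpd_milters = …` lines in the `@@ -3011,7 +3011,23 @@` hunk attach OpenDKIM/OpenDMARC to the main smtpd while the same heredoc keeps `milter_default_action = accept` (context line of the first hunk), so an unreachable socket lets inbound mail through without DMARC evaluation and outbound mail out unsigned; Postfix's built-in default is `tempfail`. If fail-open is intended, say so next to the setting, e.g. `# fail-open on purpose: mail is accepted unchecked/unsigned while a milter is down`; otherwise write `milter_default_action = tempfail`. The retained note ending in `master.cf: 'smtpd_milters='` appears to describe the sign-after-AmaVIS layout, so the localhost:10025 entry in master.cf should be checked to carry an empty `smtpd_milters=` override; otherwise re-injected mail would presumably pass the milters a second time. The enclosing `if` opens above this hunk and closes in the next one.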
@@ -3038,19 +3054,78 @@ smtpd_milters = # # - etc. # -# -EOF -fi - -if [[ -n "$(which opendkim)" ]] ; then - cat <> /etc/postfix/main.cf # DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden. # +EOF + + if [[ -n "$(which opendkim)" ]] && [[ -n "$(which opendmarc)" ]] ; then + cat <> /etc/postfix/main.cf +non_smtpd_milters = local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock +EOF + elif [[ -n "$(which opendkim)" ]] ; then + cat <> /etc/postfix/main.cf non_smtpd_milters = local:/opendkim/opendkim.sock EOF + else + cat <> /etc/postfix/main.cf +non_smtpd_milters = local:/opendmarc/opendmarc.sock +EOF + fi else cat <> /etc/postfix/main.cf -non_smtpd_milters = + + +# ======= Milter configuration ======= + +# OpenDKIM / OpenDMARC + +milter_default_action = accept + +# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2 +milter_protocol = 6 + +# Note: +# We will sign AFTER sending through AmaVIS, just befor sending out. So +# set 'smtpd_milters =' to an emty string here and add to localhost:10025 +# section in master.cf: 'smtpd_milters=local:/opendkim/opendkim.sock' +# +# If you want sign mails before sending through AmaVIS, set +# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to +# localhost:10025 section in master.cf: 'smtpd_milters=' +# +smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map +#smtpd_milters = + +# Was sind non_smtpd_milters? +# +# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT +# der smtpd-Daemon sind. +# +# Das betrifft z. B.: +# +# cleanup Header/Content-Bereinigung +# qmgr Queue-Manager +# lmtp / smtp Auslieferung nach extern +# local lokale Zustellung +# +# Das sind z. B.: +# +# - interne Bounces (MAILER-DAEMON) +# +# - Cron-Mails vom Server +# +# - Weiterleitungen, die Postfix selbst generiert +# +# - Mails, die über sendmail CLI gesendet werden +# +# - Mails, die Amavis über LMTP zurückgibt +# +# - etc. 
+# +# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden. +# +#non_smtpd_milters = + EOF fi
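Review bot: In the final `else` branch, which after this change appears to be the case where neither milter is installed, the added block comments out `smtpd_milters` and `non_smtpd_milters` but leaves `smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map` active, so smtpd still consults that map. If the file is missing or names a socket that is not installed, this may produce lookup or milter-connection errors on every session, so consider `#smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map` there. In the OpenDMARC-only branch, `non_smtpd_milters = local:/opendmarc/opendmarc.sock` sits under a comment that only justifies DKIM signing, and locally generated mail has no DMARC result worth enforcing, so that line likely belongs to the DKIM cases only. The three-way `which` test is repeated from the previous hunk; evaluating it once with `command -v` into two variables would keep both conditionals in agreement.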