<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=en-FI link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span lang=EN-GB>Hi.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>You just need to make sure that signing happens _<i>LAST</i>_ in the milter chain configured in master.cf, and if you want the header signing to not be broken, cleanup any headers added _<i>after</i>_ signing (the fact that it arrives on the 10029 smtp socket from amavis before submission to the final destination adds a localhost received from header). Heres an example of my setup signing with amavis built-in dkim capability. I have configured some magic for amavis to not inject any headers itself in the signing listener so that they don’t hit the cleanup_internal header purge and thus break signing again. This way Wallace does its thing way before the signing even happens so the body and headers are intact from DKIMs point of view when transmitting the message (iirc my settings are simple/simple and all of this works flawlessly).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB># Filter email through Amavisd<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>smtp-amavis unix - - n - 3 smtp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtp_data_done_timeout=1800<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o disable_dns_lookups=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtp_send_xforward_command=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o max_use=20<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtp_bind_address=127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB># Listener to re-inject email from Amavisd into Postfix<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>127.0.0.1:10025 inet n - n - 100 smtpd<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o cleanup_service_name=cleanup_internal<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o content_filter=smtp-wallace:[127.0.0.1]:10026<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o local_recipient_maps=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o relay_recipient_maps=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_restriction_classes=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_client_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_helo_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_sender_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_recipient_restrictions=permit_mynetworks,reject<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o mynetworks=127.0.0.0/8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_authorized_xforward_hosts=127.0.0.0/8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB># Filter email through Wallace<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>smtp-wallace unix - - n - 3 smtp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtp_data_done_timeout=1800<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o disable_dns_lookups=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtp_send_xforward_command=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o max_use=20<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB># Listener to re-inject email from Wallace into Postfix<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>127.0.0.1:10027 inet n - n - 100 smtpd<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o cleanup_service_name=cleanup_internal<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o content_filter=smtp-amavis-dkim:[127.0.0.1]:10028<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o local_recipient_maps=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o relay_recipient_maps=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_restriction_classes=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_client_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_helo_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_sender_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_recipient_restrictions=permit_mynetworks,reject<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o mynetworks=127.0.0.0/8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_authorized_xforward_hosts=127.0.0.0/8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB># Send mail second time to amavis for DKIM<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>smtp-amavis-dkim unix - - n - 3 smtp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtp_data_done_timeout=1800<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o disable_dns_lookups=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtp_send_xforward_command=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o max_use=20<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtp_bind_address=127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB># Listener to re-inject email from DKIM signing<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>127.0.0.1:10029 inet n - n - 100 smtpd<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o cleanup_service_name=cleanup_internal<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o content_filter=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o local_recipient_maps=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o relay_recipient_maps=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_restriction_classes=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_client_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_helo_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_sender_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_recipient_restrictions=permit_mynetworks,reject<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o mynetworks=127.0.0.0/8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> -o smtpd_authorized_xforward_hosts=127.0.0.0/8</span><span lang=en-FI><o:p></o:p></span></p><p class=MsoNormal><span lang=en-FI><o:p> </o:p></span></p><p class=MsoNormal><span lang=en-FI>Jupiter "Zapotah" Vuorikoski<o:p></o:p></span></p><p class=MsoNormal><span lang=en-FI><o:p> </o:p></span></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='border:none;padding:0cm'><b><span lang=en-FI>From: </span></b><span lang=en-FI><a href="mailto:jankow@datenkollektiv.net">Jan Kowalsky</a><br><b>Sent: </b>Sunday, 3 June 2018 0.38<br><b>To: </b><a href="mailto:users@lists.kolab.org">users@lists.kolab.org</a><br><b>Subject: </b>Re: wallace breaks dkim signature<o:p></o:p></span></p></div><p class=MsoNormal><span lang=en-FI><o:p> </o:p></span></p></div></body></html>