Configure Postfix to reject mails with invalid DKIM signature

Question

I have configured Postfix to sign my mails using OpenDKIM. (I followed this tutorial.)

Now I would like to configure Postfix to reject mails for domains that have DKIM configured and the mail lacks a proper signature (eg. when my own domain is used as fake sender address).

In opendkim.conf I enabled verification (Mode sv) and in Postfic main.conf I have

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301

Im mail.log I found

Feb 24 19:25:10 myhost postfix/cleanup[20016]: 113623DC1119: message-id=<20140623093302970001.H132BE30.southlands@example.com>
Feb 24 19:25:10 myhost opendkim[1355]: 113623DC1119: [78.90.96.5] [78.90.96.5] not internal
Feb 24 19:25:10 myhost opendkim[1355]: 113623DC1119: not authenticated
Feb 24 19:25:10 myhost opendkim[1355]: 113623DC1119: no signature data
Feb 24 19:25:10 myhost postfix/qmgr[1791]: 113623DC1119: from=<southlands515@example.dom>, size=1981, nrcpt=1 (queue active)

So OpenDKIM seems to have noticed that this mail isn't valid, but it didn't get rejected.

score 0 · Answer 1 · edited Apr 13 '17 at 12:14

0

I followed this:

milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

edited Apr 13 '17 at 12:14

Community

1

answered Jan 27 '17 at 03:41

BRJMM

1

1

Except for the older protocol version, I have the same. Did you actually see mails being rejected due to invalid DKIM signatures by your Postfix ? I don't. – Gene Vincent Jan 28 '17 at 05:38

Configure Postfix to reject mails with invalid DKIM signature

1 Answers1