diff --git a/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master b/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
index 32ee177b75bc62caefcf57c0ec585be98528c81b..c05ce9835bf4bca8156cdfbe25a67dcecc1a4983 100644
--- a/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
+++ b/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
@@ -94,16 +94,24 @@
 $LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
 $log_level = 0; # (defaults to 0)
 $inet_socket_port = [10024,10026];
-$forward_method = 'smtp:[127.0.0.1]:10025';
-$notify_method = 'smtp:[127.0.0.1]:10027';
+
+# *:* = send to IP/HOST:incoming Port + 1
+$forward_method = 'smtp:*:*';
+$notify_method = 'smtp:*:*';
+
 $interface_policy{'10026'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {
 originating => 1,
 smtpd_discard_ehlo_keywords => ['8BITMIME'],
- forward_method => 'smtp:[127.0.0.1]:10027',
 };
-@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
-192.168.0.0/16);
+
+# IP-Addresses for internal networks => load policy MYNETS
+# - requires -o smtp_send_xforward_command=yes in postfix master.cf
+@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [::1] [FE80::]/10 [FEC0::]/10);
+
+# Allow SMTP access from IPs in @inet_acl to amvisd SMTP Port
+@inet_acl = qw( 127.0.0.1 [::1] 192.168.0.0/16 );
+
 $signed_header_fields{'received'} = 0; # turn off signing of Received
 $enable_dkim_verification = 1;
 $enable_dkim_signing = 1;
diff --git a/install/tpl/amavisd_user_config.master b/install/tpl/amavisd_user_config.master
index 2e5a73d5dc44111b4d95b2f85f5cf56f834d1716..c729a7c92686a2e5d63552b0fba2074ae31ab07b 100644
--- a/install/tpl/amavisd_user_config.master
+++ b/install/tpl/amavisd_user_config.master
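Review bot: `@inet_acl` now admits the whole of 192.168.0.0/16 to the amavisd SMTP ports in a shipped template, and with `$forward_method = 'smtp:*:*'` the filtered mail is returned to whichever address connected, so any host in that range could submit to port 10026 and be handled under the ORIGINATING policy bank while `$enable_dkim_signing = 1` is set further down. Whether that is reachable depends on the listen address, which this hunk does not show; unless `$inet_socket_bind` is pinned to loopback, the safer default is `@inet_acl = qw( 127.0.0.1 [::1] );` with a comment telling administrators to add their own relay addresses. The same lines are added in the install/tpl/amavisd_user_config.master hunk. The new comment also misspells amavisd as `amvisd`.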
@@ -76,19 +76,24 @@ $LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log) $log_level = 0; # (defaults to 0) $inet_socket_port = [10024,10026]; -$forward_method = 'smtp:[127.0.0.1]:10025'; -$notify_method = 'smtp:[127.0.0.1]:10027'; + +# *:* = send to IP/HOST:incoming Port + 1 +$forward_method = 'smtp:*:*'; +$notify_method = 'smtp:*:*'; $interface_policy{'10026'} = 'ORIGINATING'; $policy_bank{'ORIGINATING'} = { originating => 1, smtpd_discard_ehlo_keywords => ['8BITMIME'], - forward_method => 'smtp:[127.0.0.1]:10027', }; -@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 -192.168.0.0/16); -# DKIM +# IP-Addresses for internal networks => load policy MYNETS +# - requires -o smtp_send_xforward_command=yes in postfix master.cf +@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [::1] [FE80::]/10 [FEC0::]/10); +# Allow SMTP access from IPs in @inet_acl to amvisd SMTP Port +@inet_acl = qw( 127.0.0.1 [::1] 192.168.0.0/16 ); + +# DKIM $enable_dkim_verification = 1; $enable_dkim_signing = 1; # load DKIM signing code $signed_header_fields{'received'} = 0; # turn off signing of Received diff --git a/server/plugins-available/mail_plugin_dkim.inc.php b/server/plugins-available/mail_plugin_dkim.inc.php index 7ded684ea2e69f415a361a344584e798b311202e..0e0208a472b5f812d7cac187bd7ef5d33e0398be 100755 --- a/server/plugins-available/mail_plugin_dkim.inc.php +++ b/server/plugins-available/mail_plugin_dkim.inc.php @@ -122,8 +122,8 @@ class mail_plugin_dkim { $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); if ( isset($mail_config['dkim_path']) && !empty($mail_config['dkim_path']) && - isset($data['new']['dkim_private']) && - !empty($data['new']['dkim_private']) && +// isset($data['new']['dkim_private']) && +// !empty($data['new']['dkim_private']) && $mail_config['dkim_path'] != '/' ) { if (!is_dir($mail_config['dkim_path'])) { 
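Review bot: The two checks on `$data['new']['dkim_private']` in the mail_plugin_dkim.inc.php hunk are left in the condition as commented-out lines with no explanation, so a reader cannot tell whether entering this branch without a private key is intended. If it is, delete the two lines and put a comment above the `if`, for example `// dkim_private may be empty here; write_dkim_key() refuses to write an empty key`; if it is not, restore the checks. Any later read of `$data['new']['dkim_private']` inside the branch now has to cope with an unset or empty value, which cannot be verified here because the `if` body continues outside the hunk.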
@@ -199,6 +199,10 @@ class mail_plugin_dkim {
 function write_dkim_key($key_file, $key_value, $key_domain) {
 global $app, $mailconfig;
 $success=false;
+ if ($key_file == '' || $key_value == '' || $key_domain == '') {
+ $app->log('DKIM internal error for domain '.$key_domain, LOGLEVEL_ERROR);
+ return $success;
+ }
 if ( $app->system->file_put_contents($key_file.'.private', $key_value) ) {
 $app->log('Saved DKIM Private-key to '.$key_file.'.private', LOGLEVEL_DEBUG);
 $success=true;
@@ -211,7 +215,7 @@ class mail_plugin_dkim {
 $app->log('Saved DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
 else $app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
 } else {
- $app->log('Unable to save DKIM Privte-key to '.$key_file.'.private', LOGLEVEL_ERROR);
+ $app->log('Unable to save DKIM Private-key to '.$key_file.'.private', LOGLEVEL_ERROR);
 }
 return $success;
 }
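Review bot: The new guard at the top of write_dkim_key logs the same `DKIM internal error` text whichever argument is empty, and when `$key_domain` is the empty one the message names no domain at all, which makes the failure hard to trace from the log. Say what was missing and keep the key material itself out of the message, for example `$app->log('DKIM key not written: empty key file, key value or domain (domain "'.$key_domain.'")', LOGLEVEL_ERROR);`. A one-line comment above the guard, such as `// refuse to write an empty or unnamed key file`, would also record why it exists now that the caller no longer checks `dkim_private`. The function body continues between and after the two hunks shown here.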