DKIM for locally submitted mail - set content_filter = amavis:[127.0.0.1]:10026
With amavis, the default value of content_filter set by ISPConfig is:
content_filter = amavis:[127.0.0.1]:10024
Port 10024 is used for incoming mail, not outgoing, and DKIM signing is available on port 10026 in amavis config:
$interface_policy{'10026'} = 'ORIGINATING'; $policy_bank{'ORIGINATING'} = { originating => 1, };
This results in all mail submitted locally:
- cron jobs
- ISPConfig when "Use SMTP to send system mails" is unset
- other applications calling /usr/sbin/sendmail (standard way to submit mail) is sent without DKIM signature.
Since ALL mail received via SMTP has content_filter overridden by FILTER directives called from smtpd_sender_restrictions:
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
where the last rule sets:
/^/ FILTER lmtp:[127.0.0.1]:10024
I believe setting content_filter to port 10026 by default should be safe. Please set default port for content_filter do 10026 instead.