DKIM + Disclaimer - Error (ISPConfig)

Discussion in 'Installation/Configuration' started by stef157, Dec 27, 2016.

  1. stef157

    stef157 Member

    Hi all,
    I'm trying to modify all the outgoing email.
    So I've managed to do something but it's not the right way (DKIM fail)
    (I've already posted it in the Linux forum… but I'm using ISPConfig… so I don't know where to post => you can delete the wrong one.)
    In my master.cf :
    Code:
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=dfilt:
    dfilt     unix    -       n       n       -       -       pipe
        flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}
    
    and my disclaimer :
    Code:
    #!/bin/sh
    # Localize these.
    INSPECT_DIR=/var/spool/filter
    SENDMAIL=/usr/sbin/sendmail
    
    # Exit codes from <sysexits.h>
    EX_TEMPFAIL=75
    EX_UNAVAILABLE=69
    
    
    php -f /var/www/test-infos/ok.php in.$$ "$@"
    
    # Clean up when done or when aborting.
    trap "rm -f in.$$" 0 1 2 3 15
    
    # Start processing.
    cd "$INSPECT_DIR" || { echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }
    
    #cat > in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }
    
    
    
    #/usr/bin/altermime --input=in.12 \
    #                   --disclaimer=/etc/postfix/disclaimer.txt \
    #                   --disclaimer-html=/etc/postfix/disclaimer.txt \
    #                   --xheader="X-Copyrighted-Material: Please visit http://www.company.com/privacy.htm" || \
    #                     { echo Message content rejected; exit $EX_UNAVAILABLE; }
    
    
    $SENDMAIL -oi "$@" <in.$$
    
    exit $?
    
    After that I'm using PHP to modify the email content like this:
    The goal of this is to track all outgoing email and to get some stats on the opening rate.

    Thanks for your help !
    PHP:
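    <?php
    // $dsn, $user and $password are assumed to be defined before this point (not shown in the post).
    try {
        $db = new PDO($dsn, $user, $password, array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8', PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING));
    } catch (PDOException $e) {
        echo 'Connexion échouée : ' . $e->getMessage();
    }

    // argv as passed by the shell wrapper: [1] = spool file name (in.$$),
    // [3] = sender (after -f), [5] = first recipient (after --).
    $file   = fopen("/var/spool/filter/" . $argv[1], "a");
    $from   = $argv[3];
    $to     = $argv[5];

    // Record the message and use the row id as the tracking id.
    $insert = $db->prepare('insert into emails (emailfrom, emailto) values (:emailfrom, :emailto)');
    $insert->bindParam(':emailfrom', $from, PDO::PARAM_STR);
    $insert->bindParam(':emailto', $to, PDO::PARAM_STR);
    $insert->execute();
    $id     = $db->lastInsertId();

    // Read the whole message from stdin and add the tracking image before </body>.
    $input = file_get_contents("php://stdin");
    $input = str_replace(
        '</body>',
        '<img src="http://myURL.com/ok/open.php?id=' . $id . '" height="1" width="1"/></body>',
        $input
    );

    fwrite($file, $input);
    fclose($file);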
     
  2. florian030

    florian030 ISPConfig Developer

    The latest ispconfig version uses port 10027 as a postfix-service to sign mails with dkim.
     
  3. stef157

    stef157 Member

    Effectively, it's the latest version.
    Can you help me on how to do it ?
     
  4. florian030

    florian030 ISPConfig Developer

    Enable dkim-signing for the maildomain and publish the public-key in the DNS, and revert your changes using port 10027 in postfix.
     
  5. stef157

    stef157 Member

    The dkim-signing was already enabled.
    and in my postfix I'm using the port 10027.
    So if I understand I can't add the tag ?
    Sorry… if it's not clear.
     
  6. stef157

    stef157 Member

    UP ?
    Nobody knows how to trigger a script (PHP) before the DKIM signature ?

    Kind regards
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member

    Your current scripts look like they reinject the mail back into postfix via the sendmail command, which sure seems likely to cause a loop, but can't really tell without more of the config, particularly your master.cf. I suspect what you need is more of a before-queue content filter (even though it technically is taking place after the message has hit the queue): http://www.postfix.org/SMTPD_PROXY_README.html If you're not set on php, smtpprox is a simple perl example you could easily modify.

    But on to ports - this is looking at a 3.1 server to figure things out, but @florian030 actually wrote some/most of this, so definitely listen to what he says; I'm not familiar with amavis policy banks or other amavis-specific ways of accomplishing this, this is just a "change mail flow" way of implementing this. I've also never written a milter, which may be yet another route you could go.

    amavis will be accepting mail on port 10026 to be dkim signed, so you need to make your changes ahead of that; you could 1) move amavis to a new port, and have your filter listen on 10026, then deliver back to amavis's new port, or 2) have your filter listen on a new port (eg. 10030), then have postfix send to 10030 instead of 10026, and your filter sends back to 10026 after it's done.

    To accomplish 1) above, you'd need to change amavis' config to listen on a new port, which is set in /etc/amavis/conf.d/50-user on debian, so make your changes in a subsequent config file (99-local or such); looks like you'd need to change just 2 settings, $inet_socket_port and $interface_policy.

    To accomplish 2) above, you'd need to change the port in /etc/postfix/tag_as_originating.re, and make sure that change survives future ispconfig updates (see if there is a conf-custom file for that).

    Once you do either of those, hand your modified message back to amavis and it should be signed on the way out.
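
Why the filter has to run ahead of signing, as an added example that is not part of the thread or of ISPConfig: a DKIM signature commits to a hash of the canonicalized body (the `bh=` tag, RFC 6376), so rewriting the body after signing invalidates it, while the same rewrite before signing verifies. The sample body and function names are constructed for illustration, and only the body hash is modelled, not the header signature.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.split(b"\r\n")
    # Collapse runs of spaces/tabs to one space, then drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore all empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    # A non-empty body ends in exactly one CRLF; an empty body stays empty.
    return b"\r\n".join(lines) + b"\r\n" if lines else b""


def body_hash(body: bytes) -> str:
    """Value a signer would place in bh= for a=rsa-sha256 with relaxed body."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def add_pixel(body: bytes, mail_id: int) -> bytes:
    """Same rewrite as the PHP filter in the first post (URL is the poster's placeholder)."""
    tag = b'<img src="http://myURL.com/ok/open.php?id=%d" height="1" width="1"/></body>' % mail_id
    return body.replace(b"</body>", tag)


def verify_bh(body: bytes, signed_bh: str) -> bool:
    """What a receiving verifier does with the body it actually got."""
    return body_hash(body) == signed_bh


# Constructed sample body, not taken from the thread.
SAMPLE = b"<html><body>\r\n<p>Hello  world</p>   \r\n</body></html>\r\n\r\n"


def demo():
    signed_bh = body_hash(SAMPLE)
    # Sign first, rewrite afterwards: the received body no longer matches bh=.
    rewrite_after_signing = verify_bh(add_pixel(SAMPLE, 42), signed_bh)
    # Rewrite first, then hand over for signing: bh= covers the final body.
    rewritten = add_pixel(SAMPLE, 42)
    rewrite_before_signing = verify_bh(rewritten, body_hash(rewritten))
    # Whitespace-only changes in transit are tolerated by 'relaxed'.
    whitespace_only = verify_bh(SAMPLE.replace(b"  ", b" \t ") + b"\r\n", signed_bh)
    return rewrite_after_signing, rewrite_before_signing, whitespace_only


if __name__ == "__main__":
    print(demo())
```
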
     
  8. stef157

    stef157 Member

    Hi,
    Thanks for this.

    When I try your system, it's working but that's before the DKIM signature and so. I can trace a multiple email as only one email.
    Cause I get the same id (only one time the php script is launched).

    Thanks !
     
