From: <mr...@ge...> - 2007-11-14 04:24:21
|
Murray S. Kucherawy wrote: > On Tue, 13 Nov 2007, Alin N=EF=BF=BD~Cstac wrote: >> The host from which I've run the telnet test is not present in the >> peerlist nor internalhosts. > > That will prevent signing. You should set up an internal hosts list > and in that list should be all IP blocks, hosts or domains from which > SMTP traffic will come that should be signed. By default that list > only contains "localhost" and "127.0.0.1", so if your telnet test or > mail being sent isn't coming from there then the filter won't sign it. The signing part works like a charm, nothing wrong here. My test had a different purpose. I wanted to see if my MTA will reject spoofed messages (messages that appear to come from my users, but are received over unauthenticated SMTP sessions , from IP addresses outside peerlist/internalhosts and without a valid DKIM-Signature). |