Back to main DKFilter page.
Here are some frequently asked questions, with answers.
Email submitted using Postfix sendmail on the same server as dkfilter will not get signed unless you add the content_filter option to the pickup interface in master.cf.master.cf:
pickup fifo n - n 60 1 pickup -o content_filter=dksign:127.0.0.1:10027
Postfix is trying to use TLS (encryption) when sending email through the content filter. This won't work. You'll need to configure your post-dksign-smtpd server to not announce TLS support, or configure your pre-dksign-smtp client to not use TLS.
This example shows how to configure the post-dksign-smtpd server to not announce TLS support.master.cf:
# # service for accepting messages FROM the DomainKeys signing filter # 127.0.0.1:10028 inet n - n - 10 smtpd -o smtpd_use_tls=no -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
You are running dkfilter.in and/or dkfilter.out, and you connect to the listening port, but the connection is terminated immediately. Furthermore, you get the following output from dkfilter:
./dkfilter.in: socket connect failure: Connection refused(On some platforms, the error is socket connect failure: Invalid argument.)
The filter is unable to connect to its "destination" port. Normally, Postfix should be listening on this port. Make sure you have added the appropriate entries to master.cf for the listening port and have restarted Postfix.
Do you have the Mail::DomainKeys CPAN module installed, in addition to dkfilter? If so, dkfilter may be using the CPAN module instead of its own bundled Mail::DomainKeys module. This may be occuring if you are starting dkfilter using perl dkfilter.out, rather than ./dkfilter.out.
Your outgoing mail is going through the Dkfilter verifier (dkfilter.in) instead of the Dkfilter signer (dkfilter.out). Messages are verified or signed depending on which Postfix port you submit the mail on. If you followed my instructions, Postfix port 25 mail gets verified (this is the port other MTAs use to send mail to you) and Postfix port 587 mail gets signed. Most email clients (e.g. Thunderbird) default to port 25, so you should change that to port 587. (Port 587 is the standard mail submission port according to RFC 2476.)
Last updated: 2006-10-25