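I want to sign outgoing mail automatically with postfix. I found a script and integrated it into postfix. It mostly works as expected, but it has two errors, and I hope you can help me solve them.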
/home/xxx/sign.sh
#!/bin/bash
# Postfix content filter: S/MIME-sign the message on stdin and re-inject it.
WORKDIR="/tmp"
SENDMAIL="/usr/sbin/sendmail -G -i"
EX_UNAVAILABLE=69

# Called as: sign.sh -f <sender> -- <recipient>
SENDER="$2"; RECIPIENT="$4"
MESSAGEFILE="$WORKDIR/message.$$"

# Remove the temporary files on exit and on signals
trap 'rm -f "$MESSAGEFILE" "$MESSAGEFILE.signed"' 0 1 2 3 15
umask 077

cat > "$MESSAGEFILE" || { echo Cannot save mail to file; exit $EX_UNAVAILABLE; }

SUBJECT=$(reformail -x "Subject:" < "$MESSAGEFILE")

openssl smime -sign -in "$MESSAGEFILE" -out "$MESSAGEFILE.signed" \
    -from "$SENDER" -to "$RECIPIENT" -subject "$SUBJECT" \
    -signer /home/xxx/sign.crt -inkey /home/xxx/sign_key.crt -text \
    || { echo Problem signing message; exit $EX_UNAVAILABLE; }

# Hand the signed message back to Postfix
$SENDMAIL "$@" < "$MESSAGEFILE.signed"
exit $?
This is how it is hooked into postfix:
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin
  -o content_filter=meinfilter:dummy
meinfilter unix -       n       n       -       2       pipe
  flags=Rq user=xxx null_sender=
  argv=/home/xxx/sign.sh -f ${sender} -- ${recipient}
The errors are:
Here are the raw email headers and body. You can see the doubled headers below:
To: xxx
From: xxx
Subject: Testsubject
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----2466B05A8CF1ACF5CD6D9B7B8AE72747"

This is an S/MIME signed message

------2466B05A8CF1ACF5CD6D9B7B8AE72747
Content-Type: text/plain

Return-Path: <xxx>
Received: from [127.0.0.1] (xxx [xxx])
    by xxx (Postfix) with ESMTPSA id xxx
    for <xxx>; Fri, 13 Sep 2013 02:49:22 +0000 (UTC)
Message-ID: <xxx>
Date: Fri, 13 Sep 2013 04:49:21 +0200
From: xxx
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: xxx
Subject: Testsubject
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Testmessage

------2466B05A8CF1ACF5CD6D9B7B8AE72747
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
...
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
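How can these two problems be solved?
If you do not want the plain text headers added to the signed email, remove the -text option from the openssl command in the sign.sh script. As stated: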
-text
    this option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs.
To sign only outgoing email, I think what you want to do is enable the submission port (587) or smtps (465) in your master.cf and add -o content_filter=meinfilter:dummy to that port:
#submission
submission inet n - n - - smtpd
  -o content_filter=meinfilter:dummy
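This means that only mail submitted on that port (which is usually associated with TLS and authentication) will be signed by your script. You may also want to make sure that only authenticated, TLS-encrypted connections can relay through your server.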
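The effect of -text described in the answer can be reproduced on a constructed message. This is an added example, not part of the original question or answer. The function names, the throwaway self-signed certificate and the sample mail are assumptions made for the demonstration.

```bash
#!/bin/bash
# Added example: what -text changes in the filter's signing step.
# The certificate, key and message are constructed throwaway values.

# sign_message CERT KEY [openssl options...]: message on stdin, S/MIME on stdout
sign_message() {
    local cert="$1" key="$2"
    shift 2
    openssl smime -sign -signer "$cert" -inkey "$key" "$@"
}

# count_plain_headers: count "Content-Type: text/plain" header lines on stdin
count_plain_headers() {
    grep -c '^Content-Type: text/plain' || true
}

# make_demo_identity DIR: self-signed certificate and key, valid for one day
make_demo_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# demo_message: constructed mail that carries one text/plain header of its own
demo_message() {
    printf '%s\n' \
        'From: sender@example.org' \
        'To: rcpt@example.org' \
        'Subject: Testsubject' \
        'MIME-Version: 1.0' \
        'Content-Type: text/plain; charset=ISO-8859-15' \
        '' \
        'Testmessage'
}

# compare_text_option: prints "<count with -text> <count without -text>"
compare_text_option() {
    local dir with without
    dir=$(mktemp -d) || return 1
    make_demo_identity "$dir" || { rm -rf "$dir"; return 1; }
    with=$(demo_message | sign_message "$dir/cert.pem" "$dir/key.pem" -text | count_plain_headers)
    without=$(demo_message | sign_message "$dir/cert.pem" "$dir/key.pem" | count_plain_headers)
    rm -rf "$dir"
    echo "$with $without"
}

# Run the comparison only when asked to, e.g.: bash demo.sh --demo
if [ "${1:-}" = "--demo" ]; then compare_text_option; fi
```

With -text the signed part gains a second text/plain header in front of the message's own headers, which is the doubling shown in the question.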