[Rspamd-Users] DKIM sign status failed

rspamd at vlh.dk rspamd at vlh.dk
Wed Apr 1 18:21:14 UTC 2020


> -----Original Message-----
> From: Users <users-bounces at lists.rspamd.com> On Behalf Of SysAdmin EM
> Sent: 1. april 2020 20:08
> To: User questions <users at lists.rspamd.com>
> Subject: [Rspamd-Users] DKIM sign status failed
> 
> Hello, i set this config to use dkim module, to sign email from my
servers.
> 
> I use Postfix with Rspamd.
> 
> # Postfix main.cf
> 
> smtpd_milters = inet:127.0.0.1:11332
> non_smtpd_milters = inet:127.0.0.1:11332 milter_mail_macros = i
> {mail_addr} {client_addr} {client_name} {auth_authen}
> milter_default_action = accept milter_protocol = 6
> 
> 
> # dkim_signing.conf
>  allow_envfrom_empty = true;
>  allow_hdrfrom_mismatch = false;
>  allow_hdrfrom_multiple = false;
>  allow_username_mismatch = false;
>  selector = "dkim";
>  sign_authenticated = true;
>  sign_local = true;
>  sign_networks = "/etc/rspamd/local.d/dkim_ip.map";
>  selector_map = "/etc/rspamd/local.d/dkim_selectors.map";
>  path_map = "/etc/rspamd/local.d/dkim_paths.map";
>  symbol = "DKIM_SIGNED";
>  try_fallback = true;
>  use_domain = "envelope";
>  use_esld = true;
>  use_redis = false;
>  key_prefix = "DKIM_KEYS";
> 
> # /etc/rspamd/local.d/dkim_selectors.map
> devpmta.tk dkim
> 
> # /etc/rspamd/local.d/dkim_paths.map
> devpmta.tk /var/lib/rspamd/dkim/devpmta.tk.private
> 
> # Rspamd log
> 
> 2020-04-01 15:05:02 #11410(rspamd_proxy) <7bad12>; proxy;
> rspamd_task_write_log: id:
> <5e84d7cd.gR1KVW6/m04uq4nQ%loquesea at devpmta.tk>,
> qid: <B1F6DC05927B>, ip: 127.0.0.1, from: <loquesea at devpmta.tk>, (default:
> F (no action): [0.90/nan]
> [MID_CONTAINS_FROM(1.00){},MIME_GOOD(-
> 0.10){text/plain;},ARC_NA(0.00){},DKIM_SIGNED(0.00){},FREEMAIL_ENVRCP
> T(0.00){
> gmail.com;},FREEMAIL_TO(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},F
> ROM_NO_DN(0.00){},MIME_TRACE(0.00){0:+;},RCPT_COUNT_ONE(0.00){1;},
> RCVD_COUNT_ZERO(0.00){0;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_
> ALL(0.00){}]),
> len: 342, time: 353.198ms, dns req: 0, digest:
> <d343337b83980c9a89256d9596ba318b>, rcpts: <emawata at gmail.com>,
> mime_rcpts:
> <emawata at gmail.com>
> 
> # Gmail example
> 
> ARC-Authentication-Results: i=1; mx.google.com;
>        dkim=fail header.i=@devpmta.tk header.s=dkim header.b=AcQzCni3;
>        spf=pass (google.com: domain of loquesea at devpmta.tk designates
> 200.58.101.8 as permitted sender) smtp.mailfrom=loquesea at devpmta.tk
> Return-Path: <loquesea at devpmta.tk>
> Received: from dtc-mta-out.1018.dattaweb.com (dtc-mta-
> out.1018.dattaweb.com.
> [200.58.101.8])
>         by mx.google.com with ESMTPS id
> y24si1798159qtk.155.2020.04.01.11.05.03
>         for <emawata at gmail.com>
>         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>         Wed, 01 Apr 2020 11:05:03 -0700 (PDT)
> Received-SPF: pass (google.com: domain of loquesea at devpmta.tk
> designates
> 200.58.101.8 as permitted sender) client-ip=200.58.101.8;
> Authentication-Results: mx.google.com;
>        dkim=fail header.i=@devpmta.tk header.s=dkim header.b=AcQzCni3;
>        spf=pass (google.com: domain of loquesea at devpmta.tk designates
> 200.58.101.8 as permitted sender) smtp.mailfrom=loquesea at devpmta.tk
> Received: from mail01.devpmta.tk (unknown [172.17.114.203]) by
> smarthost02.dattaweb.com (Postfix) with ESMTP id 683F04C427C for <
> emawata at gmail.com>; Wed,
>   1 Apr 2020 15:05:02 -0300 (-03)
> Received: by mail01.devpmta.tk (Postfix, from userid 0) id B1F6DC05927B;
> Wed,
>   1 Apr 2020 15:05:01 -0300 (-03)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devpmta.tk;
> s=dkim; t=1585764302;
> h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
> to:to:cc:mime-version:mime-version:content-type:content-type:
> content-transfer-encoding:content-transfer-encoding;
> bh=KRuN/z0EPRrD0+kw29aE/3bmOzEy/b7CJaXrJdcrBE4=;
> b=AcQzCni3vDnrfm2GsYj/c01VJoMQlPg0XlHwGlGogdVr34cC2Pm0BmB8sDFg
> YKvOgnIKKy
> EDfPn9LC+td42Cx5jD8LQfbNVaihYyvJ/2pC/4CTSGW/UXVMZEs6S9Rl09V083H
> BW70znS
> uTWcFjp1ZdcEVNs848H4VrARpmgxczI=
> Date: Wed, 01 Apr 2020 15:05:01 -0300
> From: loquesea at devpmta.tk
> To: emawata at gmail.com
> 
> I've already checked the settings and can't find the problem. Any ideas to
> help me?
> 
> Regards,
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users

For me (only a small amateur-server for my private mail/2 domains -
postfix/dovecot/rspamd/roundcube setup) this simple approach works:

/etc/rspamd/local.d/dkim_signing.conf

# Domain specific settings
domain {
  vlh.dk {
    selectors [
      { # Private key path
        path = "/var/lib/rspamd/dkim/mail.vlh.dk.private";
        # Selector
        selector = "mail.vlh.dk";
      }
    ]
  }
}
domain {
  sindalsen.dk {
    selectors [
      { # Private key path
        path = "/var/lib/rspamd/dkim/sindalsen.dk.private";
        # Selector
        selector = "mail.vlh.dk";
      }
    ]
  }
}

Regards,
Kim Sindalsen



More information about the Users mailing list