[Rspamd-Users] DKIM not signing - help debugging

Philip Paeps philip at trouble.is
Thu Oct 22 09:17:12 UTC 2020 

On 2020-10-22 14:47:18 (+0800), André Peters wrote:

> ------ Originalnachricht ------
> Von: "Philip Paeps" <philip at trouble.is>
> An: "User questions" <users at lists.rspamd.com>
> Gesendet: 22.10.2020 08:27:59
> Betreff: [Rspamd-Users] DKIM not signing - help debugging
>
>> rspamd is no longer DKIM signing my outbound email and I don't 
>> understand why.
>>
>> As far as I can tell, nothing relevant has changed in the 
>> configuration.
>>
>> The only thing I can glean from the logs is:
>>
>> 2020-10-22 06:14:20 #63177(rspamd_proxy) <0e6dd1>; dkim_signing; 
>> lua_dkim_tools.lua:170: mail is ineligible for signing
>>
>> This is with debug_modules = [ "dkim_signing" ] in 
>> local.d/logging.inc
>>
>> Any ideas on how I can debug this effectively?  Permissions haven't 
>> changed, configuration hasn't changed.  I am confused.
>>
>> Many thanks!
>> Philip
>>
>> -- Philip Paeps
>> Senior Reality Engineer
>> Alternative Enterprises
>> -- Users mailing list
>> Users at lists.rspamd.com
>> https://lists.rspamd.com/mailman/listinfo/users
>
> Hi,
>
> Can you post your dkim signing config?
>
>   if settings.sign_authenticated and auser then
>     lua_util.debugm(N, task, 'user is authenticated')
>     is_authed = true
>   elseif (settings.sign_networks and 
> settings.sign_networks:get_key(ip)) then
>     is_sign_networks = true
>     lua_util.debugm(N, task, 'mail is from address in sign_networks')
>   elseif settings.sign_local and is_local then
>     lua_util.debugm(N, task, 'mail is from local address')
>   elseif settings.sign_inbound and not is_local and not auser then
>     lua_util.debugm(N, task, 'mail was sent to us')
>   else
>     lua_util.debugm(N, task, 'mail is ineligible for signing')
>     return false,{}
>   end
>
> See all non-matching criteria above. At least one setting must match 
> to sign.

dkim_signing {
     use_esld = true;
     allow_hdrfrom_mismatch = false;
     selector = "dkim";
     symbol = "DKIM_SIGNED";
     sign_networks [
         "127.2.4.7",
     ]
     domain {
         trouble.is {
             selector = "20190809-2048-eihatoow";
         }
     }
     allow_envfrom_empty = true;
     try_fallback = true;
     sign_authenticated = true;
     path = 
"/usr/local/etc/rspamd/local.d/dkim_keys/$domain.$selector.key";
     use_redis = false;
     allow_username_mismatch = true;
     sign_local = true;
     key_prefix = "DKIM_KEYS";
     use_domain = "header";
     allow_hdrfrom_multiple = false;
}

I should match the first condition: I am authenticated and 
sign_authenticated is set to true.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Alternative Enterprises

More information about the Users mailing list