[Rspamd-Users] DKIM not signing - help debugging

Philip Paeps philip at trouble.is
Thu Oct 22 09:19:53 UTC 2020 

On 2020-10-22 17:17:12 (+0800), Philip Paeps wrote:

> On 2020-10-22 14:47:18 (+0800), André Peters wrote:
>
>> ------ Originalnachricht ------
>> Von: "Philip Paeps" <philip at trouble.is>
>> An: "User questions" <users at lists.rspamd.com>
>> Gesendet: 22.10.2020 08:27:59
>> Betreff: [Rspamd-Users] DKIM not signing - help debugging
>>
>>> rspamd is no longer DKIM signing my outbound email and I don't 
>>> understand why.
>>>
>>> As far as I can tell, nothing relevant has changed in the 
>>> configuration.
>>>
>>> The only thing I can glean from the logs is:
>>>
>>> 2020-10-22 06:14:20 #63177(rspamd_proxy) <0e6dd1>; dkim_signing; 
>>> lua_dkim_tools.lua:170: mail is ineligible for signing
>>>
>>> This is with debug_modules = [ "dkim_signing" ] in 
>>> local.d/logging.inc
>>>
>>> Any ideas on how I can debug this effectively?  Permissions haven't 
>>> changed, configuration hasn't changed.  I am confused.
>>>
>>> Many thanks!
>>> Philip
>>>
>>> -- Philip Paeps
>>> Senior Reality Engineer
>>> Alternative Enterprises
>>> -- Users mailing list
>>> Users at lists.rspamd.com
>>> https://lists.rspamd.com/mailman/listinfo/users
>>
>> Hi,
>>
>> Can you post your dkim signing config?
>>
>>   if settings.sign_authenticated and auser then
>>     lua_util.debugm(N, task, 'user is authenticated')
>>     is_authed = true
>>   elseif (settings.sign_networks and 
>> settings.sign_networks:get_key(ip)) then
>>     is_sign_networks = true
>>     lua_util.debugm(N, task, 'mail is from address in sign_networks')
>>   elseif settings.sign_local and is_local then
>>     lua_util.debugm(N, task, 'mail is from local address')
>>   elseif settings.sign_inbound and not is_local and not auser then
>>     lua_util.debugm(N, task, 'mail was sent to us')
>>   else
>>     lua_util.debugm(N, task, 'mail is ineligible for signing')
>>     return false,{}
>>   end
>>
>> See all non-matching criteria above. At least one setting must match 
>> to sign.
>
> dkim_signing {
>     use_esld = true;
>     allow_hdrfrom_mismatch = false;
>     selector = "dkim";
>     symbol = "DKIM_SIGNED";
>     sign_networks [
>         "127.2.4.7",
>     ]
>     domain {
>         trouble.is {
>             selector = "20190809-2048-eihatoow";
>         }
>     }
>     allow_envfrom_empty = true;
>     try_fallback = true;
>     sign_authenticated = true;
>     path = 
> "/usr/local/etc/rspamd/local.d/dkim_keys/$domain.$selector.key";
>     use_redis = false;
>     allow_username_mismatch = true;
>     sign_local = true;
>     key_prefix = "DKIM_KEYS";
>     use_domain = "header";
>     allow_hdrfrom_multiple = false;
> }
>
> I should match the first condition: I am authenticated and 
> sign_authenticated is set to true.

But I'm not seeing the "user is authenticated" debug statement!  Aha.

So ... the real question becomes: how do I tell rspamd that I am 
authenticated?  Or possibly: why did it used to be able to tell but 
can't anymore?

Many thanks!

Philip

-- 
Philip Paeps
Senior Reality Engineer
Alternative Enterprises

More information about the Users mailing list