[Rspamd-Users] dual signing: wildcard for domain names?

Michael Grimm trashcan at ellael.org
Thu Apr 15 14:46:31 UTC 2021


Hi,

I do want to dual sign all of my domains but one.

../local.d/dkim_signing.conf (dual signing from https://rspamd.com/doc/modules/dkim_signing.html):

	# default selector and path to use 
	selector = "dkim"; 
	path = ".../configs/dkim.key"; 

	domain {
	  alpha.example.org {
	    selectors [
	     {
	       path: ".../configs/dkim.key";
	       selector: "dkim";
	     },
	     {
	       path: ".../configs/dkim-eddsa.key";
	       selector: "eddsa";
	     }
	   ]
	 }
	}

Ok, that will allow to define dual signing for named domains. Now, I could repeat such a domain block for all of my domains I would like to dual sign. And default will become used for the only domain remaining (to be signed by 'dkim' selector, only).

But how could one achieve the opposite?

I did try for default ..

	selectors [
	     {
	       path: ".../configs/dkim.key";
	       selector: "dkim";
	     },
	     {
	       path: ".../configs/dkim-eddsa.key";
	       selector: "eddsa";
	     }
	   ]

.. and ..

	domain {
	  the-one-to-single-sign.example {
	    selectors [
	     {
	       path: ".../configs/dkim.key";
	       selector: "dkim";
	     }
	   ]
	 }
	}


But that didn't work, although 'rspamadm configtest dkim_signing' didn't complain. Now, only 'the-one-to-single-sign.example' will become signed, and all other domains *not* at all.

So, how can I achieve my goal to dual sign all domains but one?

Thanks and regards,
Michael




More information about the Users mailing list