[Rspamd-Users] howto dkim sign local users mailout without signing local network mailin ?

[Daniel Caillibaud]

Hi,

I have 2 hosts
- mail : MX for my domains and smtp out for local users and authenticated users
- front1 : smtp out for several services

in mail:/etc/rspamd/local.d/dkim_signing.conf

If I set
  sign_networks = [
    "127.0.0.1",
    "::1",
  ]
  sign_local = true;
or just
  sign_local = true;

=> outgoing mails sent by local users are signed, but incoming mails from front1 (with a
lan ip 192.168.x.y) for @mydomain.tld (already signed there) are signed again too (easy to see
in header because selector is different on these two hosts)

The only way I found to sign outgoing mail from local users without signing again incoming mail
is to set
  sign_networks = [
    "127.0.0.1",
    "::1",
  ]
  sign_local = false;

but why ? It seems the opposite I want to do…

Thanks a lot


Others lines (not changed during these tests) in this file are
  use_domain_sign_networks = "header";
  sign_authenticated = true;
  use_esld = true;
  # common with arc.conf, this file contains `domain { … }` with keyfiles for my domains
  .include(try=true,priority=10) "$LOCAL_CONFDIR/local.d/signing_domains.inc"

I'm using rspamd 2.7-42~buster as postfix milter with (in main.cf)

milter_protocol = 6
milter_default_action = tempfail
smtpd_milters = inet:localhost:11332
non_smtpd_milters = $smtpd_milters
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}


-- 
Daniel

Mes films sont une forme de psychanalyse, sauf que c'est moi qui suis 
payé, ce qui change tout!
Woody Allen