[Rspamd-Users] no dkim signing for whitelisted ip

Jesse Norell jesse at kci.net
Tue May 3 22:03:13 UTC 2022 

On Wed, 2022-04-27 at 17:22 -0600, Jesse Norell wrote:
>   I am setting up some white/black lists based on client ip and mail
> sender info, and I find all my attempts to whitelist based on client
> ip
> result in no dkim signing for the message; if I instead whitelist
> based
> on eg. sender address, it does dkim sign.  I have tried all the
> config
> options I can find and still have this issue, am I overlooking
> something or is this a bug?

This was a misdiagnosis, in fact any whitelisting I do seems to disable
DKIM signing.  This happens whether my whitelist rule sets action="no
action" or I use the force_actions module to do the same.

Is there any way to set "no action" after dkim signing has been done?
 (Note I tried "postfilter=true;" to no avail.)

Or am I going about this wrong, maybe there is a better way to do
sender whitelisting?  (Large negative score is not ideal, as it affects
your bayes training.)

Perhaps this is a bug?  Or maybe you just shouldn't mix rspamd scanning
with signing, and I should either investigate running multiple rspamd
milters with different configs, or just use opendkim for signing, and
rspamd for scanning?

Thanks,
Jesse

Sending without whitelist demonstrates DKIM signing works:

2022-05-03 15:46:40 #1582996(normal) <6f98e7>; task; rspamd_task_write_log: id: <b0919b219b170c8f24196b16071a62cdd9864154.camel at kci.net>, qid: <278CDA0254>, ip: 64.187.65.178, user: jesse at kci.net, from: <jesse at kci.net>, (default: F (no action): [-0.87/12.00] [GENERIC_REPUTATION(-0.69){-0.69191285049183;},MIME_GOOD(-0.10){text/plain;},BAYES_HAM(-0.08){63.66%;},ARC_NA(0.00){},DKIM_SIGNED(0.00){kci.net:s=default;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ORG_HEADER(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},TO_DN_ALL(0.00){},TO_EQ_FROM(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 458, time: 1174.957ms, dns req: 8, digest: <f1bc50f62ee9faf113775ba97581d459>, rcpts: <jesse at kci.net>, mime_rcpts: <jesse at kci.net>, settings_id: ispc_spamfilter_user_5


Sending with sender whitelisted breaks DKIM signing:

2022-05-03 15:48:18 #1584049(normal) <4f7a62>; task; rspamd_task_write_log: id: <af76ebd5e73acd022efd243aa46aef2acd7a6338.camel at kci.net>, qid: <C5ABCA2418>, ip: 64.187.65.178, user: jesse at kci.net, from: <jesse at kci.net>, (default: F (no action): [-7.00/12.00] [ISPC_WHITELIST_ENVFROM(-7.00){jesse at kci.net;}]), len: 450, time: 75.211ms, dns req: 0, digest: <938a6400999b5cebf76208347bc48384>, rcpts: <jesse at kci.net>, mime_rcpts: <jesse at kci.net>, forced: no action "Matched map: ISPC_WHITELIST_ENVFROM"; score=nan (set by multimap), settings_id: ispc_spamfilter_user_5


This is my current whitelist rule for that (multimap.conf):

ISPC_WHITELIST_ENVFROM {
  group = "ISPConfig";
  description = "Whitelisted sender address.";
  type = "selector";
  selector = "from('smtp')";
  map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.local" ];
  postfilter = true;
  action = "no action";
  score = -7.0;
}


-- 
Jesse Norell
Kentec Communications, Inc.
970-522-8107  -  www.kci.net

More information about the Users mailing list