[Rspamd-Users] dkim_signing: final DKIM domain cuts off subsubdomain
Vsevolod Stakhov
vsevolod at rspamd.com
Tue Apr 11 16:56:46 UTC 2023
On 11/04/2023 16:15, Dauser Martin Johannes wrote:
> Hi!
>
> I don't get DKIM signing because module dkim_signing thinks it needs to cut off the subsubdomain:
>
> Apr 11 16:34:11 brieftaube rspamd[458053]: <42172b>; dkim_signing; lua_dkim_tools.lua:183: user is authenticated
> Apr 11 16:34:11 brieftaube rspamd[458053]: <42172b>; dkim_signing; lua_dkim_tools.lua:405: use domain(envelope) for signature: cs.sbg.ac.at
> Apr 11 16:34:11 brieftaube rspamd[458053]: <42172b>; dkim_signing; lua_dkim_tools.lua:425: final DKIM domain: sbg.ac.at
>
> After that it tries to find a fitting key file, which doesn't exist as this is the domain of another mail server.
>
> Any idea why this happens?
> Best regards
> Dauser Martin
>
> ##################
> dkim_signing.conf
> ##################
> enabled = true
> try_fallback = true;
> path = "/var/lib/rspamd/dkim/$domain.$selector.key";
> selector_map = "/etc/rspamd/local.d/dkim_selectors.map";
> # content of dkim_selectors.map:
> # <domain> <selector>
> # cs.sbg.ac.at dkim20230202
> path_map = "/etc/rspamd/local.d/dkim_paths.map";
> # content of dkim_path.map:
> # <domain> <path>
> # cs.sbg.ac.at /var/lib/rspamd/dkim/cs.sbg.ac.at.$selector.key
>
>
> sign_networks [
> "141.201.2.0/24",
> ]
> sign_local = true;
> sign_authenticated = true;
>
> use_domain = "envelope";
> use_domain_sign_networks = "envelope";
> use_domain_sign_local = "envelope";
>
> allow_username_mismatch = true;
> allow_hdrfrom_mismatch = true;
>
>
>
> sign_headers = (o)from:(x)sender:(o)reply-to:(x)date:(x)message-
> id:(o)to:(o)cc:(x)mime-version:(x)content-type:(x)content-transfer-
> encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-
> id:(x)in->
You can add `use_esld = false` to your configuration to avoid such a
behaviour (see [1] for details). However, I don't remember if that will
be ok from the perspective of DMARC.
[1]: https://rspamd.com/doc/modules/dkim_signing.html
More information about the Users
mailing list