[Rspamd-Users] Help sought: DKIM signing on one domain only. The rest were ignored.

Aste aste at sveiks.lv
Tue Aug 29 15:01:05 UTC 2023


Hi!

AFAIK DKIM signing cofigurations is located in dkim_signing.conf not in arc.conf


-- 
Aste

Monday, August 28, 2023, 11:51:25 PM, you wrote:


j> Hi,

j> I have had problems getting DKIM signing to work with rspamd on multiple domains. The last time I checked was years ago so I don't know when it broke. Perhaps it never worked, but I did not notice.

j> I have two domains: dkimWorks.org and dkimBroken.org.

j> The server runs rspamd 3.6-2~bbb8660e5~bookworm.  ( Debian )

j> These have this config:

j> # ls -l /var/lib/rspamd/dkim
j> -rw-r----- 1 root _rspamd  241 Aug  9 20:42 dkimWorks.org.dkim.dns
j> -rw-r----- 1 root _rspamd  887 Jul  3  2013 dkimWorks.org.dkim.key
j> -rw-r----- 1 root _rspamd  241 Aug  9 20:42 dkimBroken.org.dkim.dns
j> -rw-r----- 1 root _rspamd  887 Jul  3  2013 dkimBroken.org.dkim.key
j> ( These are actually the same keys - I am lazy ).

j> # cat /etc/rspamd/local.d/arc.conf
j> path = "/var/lib/rspamd/dkim/$domain.$selector.key";
j> selector = "dkim";
j> allow_username_mismatch = true;

j> The email is sent from the same authenticated user for both domains: sophie at authuser.org

j> However, rspamd signed dkimWorks.org with the DKIM key, but did not sign dkimBroken.org.

j> Logs from /var/log/rspamd/rspamd.log are here:

j> dkimWorks.org
j> 2023-08-28 20:29:38 #167163(normal) <6b37df>; task; rspamd_task_write_log: id: <93d11438bcd0c6176f60f39be0edf7c3 at dkimWorks.org>, qid: <E89DD5B>, ip: 127.0.0.1, user: sophie@ authuser.org, from: <sophie at dkimWorks.org>, (default: F (no action): [0.20/18.00] [SUBJ_ALL_CAPS(0.30){4;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},ARC_NA(0.00){},DKIM_SIGNED(0.00){dkimWorks.org:s=dkim;},FREEMAIL_ENVRCPT(0.00){gmail.com;},FREEMAIL_TO(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ORG_HEADER(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},TAGGED_RCPT(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 1178, time: 64.009ms, dns req: 2, digest: <d4f2127c99414f42f9b8fd52473e9293>, rcpts: <112345 at gmail.com,112345 at gmail.com>, mime_rcpts: <112345 at gmail.com,>, settings_id: authenticated

--->>  This was added : DKIM_SIGNED(0.00){dkimWorks.org:s=dkim;}

j> dkimBroken.org
j> 2023-08-28 20:32:03 #167163(normal) <f97ef6>; task; rspamd_task_write_log: id: <ae601b37c82e8cd2e77792f25ca62ba8 at dkimBroken.eu>, qid: <C7F745B>, ip: 127.0.0.1, user: sophie at authuser.org, from: <sophie at dkimBroken.eu>, (default: F (no action): [0.50/18.00] [SUBJ_ALL_CAPS(0.30){4;},MIME_HTML_ONLY(0.20){},ARC_NA(0.00){},FREEMAIL_ENVRCPT(0.00){gmail.com;},FREEMAIL_TO(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ORG_HEADER(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:~;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},TAGGED_RCPT(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 627, time: 63.341ms, dns req: 2, digest: <0122f13094e4856d24a2e4a747a2c4b8>, rcpts: <112345 at gmail.com,112345 at gmail.com>, mime_rcpts: <112345 at gmail.com,>, settings_id: authenticated

--->> This is _missing_: DKIM_SIGNED(0.00){dkimBroken.org:s=dkim;}

j> Can anybody thing what could be wrong with this configuration?

j> Regards,S

j> P.S Yes, the dkimBroken and dkimWorks domains are just covers to obfuscate my domains.





More information about the Users mailing list