[Rspamd-Users] DKIM signing not working

Gerald Galster list+rspamd at gcore.biz
Mon Jun 26 23:35:18 UTC 2023


> The email originates from a dynamically changing set of IPs.
> The send process is granted by postfix already; do you have any hint how to get this info to milter/rspamd?
> Are there any parameters to pass in the config:
> 
> smtpd_milters = inet:localhost:11332
> non_smtpd_milters = inet:localhost:11332

This is all there is to configure in postfix.

I guess you're not using sasl auth then, otherwise it would just work.
To verify, see if your maillog contains lines with sasl_username.
In case it does you might try to add the following to postfix' main.cf
after your non_smtpd_milters.

  milter_default_action = accept
  milter_protocol = 6


There are two options:

- configure your servers to authenticate via sasl at postfix
- configure rspamd to know your local ips (sign_local, sign_networks, ...)
  https://rspamd.com/doc/modules/dkim_signing.html
    
    # Map file of IP addresses/subnets to consider for signing
    # sign_networks = "/some/file"; # or url

    # Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth")
    #use_domain_sign_networks = "header";

    ...

Best regards,
Gerald


>> Am 25.06.2023 um 16:10 schrieb Gerald Galster <list+rspamd at gcore.biz>:
>> 
>>> My /etc/rspamd/local.d/dkim_signing.conf:
>>> sign_authenticated = true;
>> 
>> Where does the email originate from and is it sasl authenticated or
>> ip authenticated (sign_local, sign_networks, ...)?
>> 
>> Is rspamd integrated via postfix and milter? If so, is authentication
>> successful in postfix so that milter macros authen_* will be transmitted?
>> 
>>> domain {
>>>  domain1.com {
>>>      path = "/var/lib/rspamd/dkim/domain1.com.dkim.key";
>>>      selector = "dkim";
>>>  }
>>>  domain2.com {
>>>      path = "/var/lib/rspamd/dkim/domain2.com.dkim.key";
>>>      selector = "dkim";
>>>  }
>>>  domain3.com {
>>>      path = "/var/lib/rspamd/dkim/domain3.com.dkim.key";
>>>      selector = "dkim";
>>>  }
>>> }
>> 
>> Those seem to be configured the same way. Default configuration would
>> be sufficient:
>> 
>> # Default path to key, can include '$domain' and '$selector' variables
>> path = "/var/lib/rspamd/dkim/$domain.$selector.key";
>> 
>> # Default selector to use
>> selector = "dkim";
>> 
>> Best regards
>> Gerald
>> -- 
>> Users mailing list
>> Users at lists.rspamd.com
>> https://lists.rspamd.com/mailman/listinfo/users
> 
> -- 
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users



More information about the Users mailing list