[Rspamd-Users] DKIM signing not working

Tino Hendricks t.hendricks at interpool.de
Wed Jun 28 09:57:53 UTC 2023


Hi Gerald,

that’s why I was asking: 
I was hoping there was a chance to „force feed" some parameters from postfix to rspamd, like

smtpd_milters = inet:localhost:11332 {client_addr}	

Tino


> Am 27.06.2023 um 01:35 schrieb Gerald Galster <list+rspamd at gcore.biz>:
> 
>> The email originates from a dynamically changing set of IPs.
>> The send process is granted by postfix already; do you have any hint how to get this info to milter/rspamd?
>> Are there any parameters to pass in the config:
>> 
>> smtpd_milters = inet:localhost:11332
>> non_smtpd_milters = inet:localhost:11332
> 
> This is all there is to configure in postfix.
> 
> I guess you're not using sasl auth then, otherwise it would just work.
> To verify, see if your maillog contains lines with sasl_username.
> In case it does you might try to add the following to postfix' main.cf
> after your non_smtpd_milters.
> 
>  milter_default_action = accept
>  milter_protocol = 6
> 
> 
> There are two options:
> 
> - configure your servers to authenticate via sasl at postfix
> - configure rspamd to know your local ips (sign_local, sign_networks, ...)
>  https://rspamd.com/doc/modules/dkim_signing.html
> 
>    # Map file of IP addresses/subnets to consider for signing
>    # sign_networks = "/some/file"; # or url
> 
>    # Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth")
>    #use_domain_sign_networks = "header";
> 
>    ...
> 
> Best regards,
> Gerald
> 
> 
>>> Am 25.06.2023 um 16:10 schrieb Gerald Galster <list+rspamd at gcore.biz>:
>>> 
>>>> My /etc/rspamd/local.d/dkim_signing.conf:
>>>> sign_authenticated = true;
>>> 
>>> Where does the email originate from and is it sasl authenticated or
>>> ip authenticated (sign_local, sign_networks, ...)?
>>> 
>>> Is rspamd integrated via postfix and milter? If so, is authentication
>>> successful in postfix so that milter macros authen_* will be transmitted?
>>> 
>>>> domain {
>>>> domain1.com {
>>>>     path = "/var/lib/rspamd/dkim/domain1.com.dkim.key";
>>>>     selector = "dkim";
>>>> }
>>>> domain2.com {
>>>>     path = "/var/lib/rspamd/dkim/domain2.com.dkim.key";
>>>>     selector = "dkim";
>>>> }
>>>> domain3.com {
>>>>     path = "/var/lib/rspamd/dkim/domain3.com.dkim.key";
>>>>     selector = "dkim";
>>>> }
>>>> }
>>> 
>>> Those seem to be configured the same way. Default configuration would
>>> be sufficient:
>>> 
>>> # Default path to key, can include '$domain' and '$selector' variables
>>> path = "/var/lib/rspamd/dkim/$domain.$selector.key";
>>> 
>>> # Default selector to use
>>> selector = "dkim";
>>> 
>>> Best regards
>>> Gerald
>>> -- 
>>> Users mailing list
>>> Users at lists.rspamd.com
>>> https://lists.rspamd.com/mailman/listinfo/users
>> 
>> -- 
>> Users mailing list
>> Users at lists.rspamd.com
>> https://lists.rspamd.com/mailman/listinfo/users
> 
> -- 
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users



More information about the Users mailing list