[Rspamd-Users] DKIM signing not working
Tino Hendricks
t.hendricks at interpool.de
Wed Jun 28 09:57:53 UTC 2023
Hi Gerald,
that’s why I was asking:
I was hoping there was a chance to „force feed" some parameters from postfix to rspamd, like
smtpd_milters = inet:localhost:11332 {client_addr}
Tino
> Am 27.06.2023 um 01:35 schrieb Gerald Galster <list+rspamd at gcore.biz>:
>
>> The email originates from a dynamically changing set of IPs.
>> The send process is granted by postfix already; do you have any hint how to get this info to milter/rspamd?
>> Are there any parameters to pass in the config:
>>
>> smtpd_milters = inet:localhost:11332
>> non_smtpd_milters = inet:localhost:11332
>
> This is all there is to configure in postfix.
>
> I guess you're not using sasl auth then, otherwise it would just work.
> To verify, see if your maillog contains lines with sasl_username.
> In case it does you might try to add the following to postfix' main.cf
> after your non_smtpd_milters.
>
> milter_default_action = accept
> milter_protocol = 6
>
>
> There are two options:
>
> - configure your servers to authenticate via sasl at postfix
> - configure rspamd to know your local ips (sign_local, sign_networks, ...)
> https://rspamd.com/doc/modules/dkim_signing.html
>
> # Map file of IP addresses/subnets to consider for signing
> # sign_networks = "/some/file"; # or url
>
> # Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth")
> #use_domain_sign_networks = "header";
>
> ...
>
> Best regards,
> Gerald
>
>
>>> Am 25.06.2023 um 16:10 schrieb Gerald Galster <list+rspamd at gcore.biz>:
>>>
>>>> My /etc/rspamd/local.d/dkim_signing.conf:
>>>> sign_authenticated = true;
>>>
>>> Where does the email originate from and is it sasl authenticated or
>>> ip authenticated (sign_local, sign_networks, ...)?
>>>
>>> Is rspamd integrated via postfix and milter? If so, is authentication
>>> successful in postfix so that milter macros authen_* will be transmitted?
>>>
>>>> domain {
>>>> domain1.com {
>>>> path = "/var/lib/rspamd/dkim/domain1.com.dkim.key";
>>>> selector = "dkim";
>>>> }
>>>> domain2.com {
>>>> path = "/var/lib/rspamd/dkim/domain2.com.dkim.key";
>>>> selector = "dkim";
>>>> }
>>>> domain3.com {
>>>> path = "/var/lib/rspamd/dkim/domain3.com.dkim.key";
>>>> selector = "dkim";
>>>> }
>>>> }
>>>
>>> Those seem to be configured the same way. Default configuration would
>>> be sufficient:
>>>
>>> # Default path to key, can include '$domain' and '$selector' variables
>>> path = "/var/lib/rspamd/dkim/$domain.$selector.key";
>>>
>>> # Default selector to use
>>> selector = "dkim";
>>>
>>> Best regards
>>> Gerald
>>> --
>>> Users mailing list
>>> Users at lists.rspamd.com
>>> https://lists.rspamd.com/mailman/listinfo/users
>>
>> --
>> Users mailing list
>> Users at lists.rspamd.com
>> https://lists.rspamd.com/mailman/listinfo/users
>
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users
More information about the Users
mailing list