[Rspamd-Users] Why does rspamd try to dkmim sign incoming mail?
Benny Pedersen
me at junc.eu
Wed Aug 21 20:08:12 UTC 2024
Johannes Rohr skrev den 2024-08-21 20:55:
> 2024-08-21 19:44:34 #3011551(normal) <63b6c2>; dkim_signing;
> lua_dkim_tools.lua:191: mail is from local address
try again :=)
i bet its a forged sender on port 25, not one localy submitted via port
465 or port 587
rspamd must not dkim sign anything comming in to port 25, but it should
arc-sign/arc-seal all incomming
i dont use rspamd self, becursae its not super easy to make logical
right things in a complete mess
> Which is strange, because it is an incoming spam message. For some
> strange reason, the dkim module, after the message has been checked now
> considers it a message from a local network.
>
> I've now set sign_local to false in
> /etc/rspamd/local.d/dkim_signing.conf. It should make a difference,
> let's see if it does. However, I don't understand why this message is
> considered local by the dkim module.
dont accept local sender domains at all on port 25, reject if sender
domain is localy is safe
when its not possible to make envelope sender and envelope recipient
equal, the dkim problem is gone
only dkim sign if sender is sasl auth, rspamd can sign all, but it
should not
More information about the Users
mailing list