[Rspamd-Users] Why does rspamd try to dkim sign incoming mail?
Johannes Rohr
jorohr at gmail.com
Thu Aug 22 10:49:08 UTC 2024
On 21.08.24 at 22:08, Benny Pedersen wrote:
> Johannes Rohr wrote on 2024-08-21 20:55:
>
>> 2024-08-21 19:44:34 #3011551(normal) <63b6c2>; dkim_signing;
>> lua_dkim_tools.lua:191: mail is from local address
>
> try again :=)
>
> I bet it's a forged sender on port 25,

The server does not even listen on port 25, and if I understand the log
correctly, rspamd sees that it is received from a remote address:

2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol;
rspamd_protocol_handle_headers: read IP header, value: 217.79.xxx.xx:53688
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol;
rspamd_protocol_handle_headers: read user-agent header, value: Postfix 3.6.4
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol;
rspamd_protocol_handle_headers: generic header: Content-Length
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol;
rspamd_protocol_handle_headers: generic header: Connection
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol;
rspamd_protocol_handle_headers: generic header: Connection
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol;
rspamd_protocol_handle_headers: read helo header, value:
in.xn--b1akcbzf.xn--90amc.xn--p1acf
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol;
rspamd_protocol_handle_headers: read from header, value:
<upnulxk at folowaunt.de>

Further down in the log, seemingly after the message has been processed,
I read:

2024-08-21 19:44:34 #3011547(rspamd_proxy) <79feea>; milter;
rspamd_milter_process_command: optneg: version: 6, actions: 511,
protocol: 2097151
2024-08-21 19:44:34 #3011547(rspamd_proxy) <79feea>; milter;
rspamd_milter_send_action: optneg reply: ver=6, actions=511,
protocol=1044608
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; task;
rspamd_worker_body_handler: accepted connection from 127.0.0.1 port
47164, task ptr: 00007F6125CF4098
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_url: got checkv2 command
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read from header, value:
upnulxk at folowaunt.de
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read queue_id header, value: 95BE63937124C
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read IP header, value: 127.0.0.1:0

The queue_id header is different. So I'm not sure whether this is about
the same message. Maybe this is received back from mailman which
forwards the mail to the listowner for approval and therefore is
considered "local" by rspamd.

[...]

For the time being I have worked around this by setting "sign_local" to
"false" in /etc/rspamd/local.d/dkim_signing.conf

But if this is indeed an issue with mail forwarded by mailman being
considered "local", I guess this is an issue that should be addressed.

Johannes
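
Added example, not part of the original post: each rspamd log line carries a task tag in angle brackets, so grouping lines by that tag shows which client IP belongs to the task that logged the dkim_signing decision. The sample lines are copied from the post above with wrapped lines re-joined; the function names are this example's own.

```python
import re
from collections import defaultdict

# Log lines from the post above, wrapped lines re-joined into single lines.
SAMPLE_LOG = """\
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; rspamd_protocol_handle_headers: read IP header, value: 217.79.xxx.xx:53688
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; rspamd_protocol_handle_headers: read from header, value: <upnulxk at folowaunt.de>
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; rspamd_protocol_handle_headers: read queue_id header, value: 95BE63937124C
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; rspamd_protocol_handle_headers: read IP header, value: 127.0.0.1:0
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; dkim_signing; lua_dkim_tools.lua:191: mail is from local address
"""

# date time #pid(worker) <tag>; module; message
LINE_RE = re.compile(
    r"^\S+ \S+ #(?P<pid>\d+)\((?P<worker>\w+)\) "
    r"<(?P<tag>[0-9a-f]+)>; (?P<module>\w+); (?P<msg>.*)$"
)
HEADER_RE = re.compile(r"read (?P<name>[\w-]+) header, value: (?P<value>.*)$")


def group_by_task(log_text):
    """Collect protocol headers and the dkim_signing reason per task tag."""
    tasks = defaultdict(lambda: {"headers": {}, "signing_reason": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation or unrelated line
        task = tasks[m["tag"]]
        header = HEADER_RE.search(m["msg"])
        if m["module"] == "protocol" and header:
            task["headers"][header["name"]] = header["value"].strip("<>")
        elif m["module"] == "dkim_signing":
            # Drop the "file.lua:NNN: " prefix, keep the stated reason.
            task["signing_reason"] = m["msg"].split(": ", 1)[-1]
    return dict(tasks)


def signing_tasks(log_text):
    """Return only the tasks for which dkim_signing logged a decision."""
    return {tag: t for tag, t in group_by_task(log_text).items()
            if t["signing_reason"]}


if __name__ == "__main__":
    for tag, task in signing_tasks(SAMPLE_LOG).items():
        print(tag, task["headers"].get("IP"), "->", task["signing_reason"])
```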