[Rspamd-Users] Why does rspamd try to dkmim sign incoming mail?

Johannes Rohr jorohr at gmail.com
Thu Aug 22 10:49:08 UTC 2024


Am 21.08.24 um 22:08 schrieb Benny Pedersen:
> Johannes Rohr skrev den 2024-08-21 20:55:
>
>> 2024-08-21 19:44:34 #3011551(normal) <63b6c2>; dkim_signing; 
>> lua_dkim_tools.lua:191: mail is from local address
>
> try again :=)
>
> i bet its a forged sender on port 25,

The server does not even listen on port 25, and if I understand the log 
correctly, rspamd sees that it is received from a remote address:

2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; 
rspamd_protocol_handle_headers: read IP header, value: 217.79.xxx.xx:53688
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; 
rspamd_protocol_handle_headers: read user-agent header, value: Postfix 3.6.4
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; 
rspamd_protocol_handle_headers: generic header: Content-Length
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; 
rspamd_protocol_handle_headers: generic header: Connection
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; 
rspamd_protocol_handle_headers: generic header: Connection
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; 
rspamd_protocol_handle_headers: read helo header, value: 
in.xn--b1akcbzf.xn--90amc.xn--p1acf
2024-08-21 19:44:34 #3011552(normal) <804b68>; protocol; 
rspamd_protocol_handle_headers: read from header, value: 
<upnulxk at folowaunt.de>

Further down in the log, seemingly after the message has been processed, 
I read

2024-08-21 19:44:34 #3011547(rspamd_proxy) <79feea>; milter; 
rspamd_milter_process_command: optneg: version: 6, actions: 511, 
protocol: 2097151
2024-08-21 19:44:34 #3011547(rspamd_proxy) <79feea>; milter; 
rspamd_milter_send_action: optneg reply: ver=6, actions=511, 
protocol=1044608
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; task; 
rspamd_worker_body_handler: accepted connection from 127.0.0.1 port 
47164, task ptr: 00007F6125CF4098
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; 
rspamd_protocol_handle_url: got checkv2 command
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; 
rspamd_protocol_handle_headers: read from header, value: 
upnulxk at folowaunt.de
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; 
rspamd_protocol_handle_headers: read queue_id header, value: 95BE63937124C
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; 
rspamd_protocol_handle_headers: read IP header, value: 127.0.0.1:0

The queue_id header is different. So I'm not sure whether this is about 
the same message. Maybe this is received back from mailman which 
forwards the mail to the listowner for approval and therefore is 
considered "local" by rspamd.

[...]

For the time being I have worked around this by setting "sign_local" to 
"false" in /etc/rspamd/local.d/dkim_signing.conf

But if this is indeed an issue with mail forwarded by mailman being 
considered "local", I guess this is an issue that should be adressed.

Johannes



More information about the Users mailing list