[Rspamd-Users] Why does rspamd try to dkmim sign incoming mail?

[Benny Pedersen]

Johannes Rohr skrev den 2024-08-22 12:49:
> Am 21.08.24 um 22:08 schrieb Benny Pedersen:
>> Johannes Rohr skrev den 2024-08-21 20:55:
>> 
>>> 2024-08-21 19:44:34 #3011551(normal) <63b6c2>; dkim_signing; 
>>> lua_dkim_tools.lua:191: mail is from local address
>> 
>> try again :=)
>> 
>> i bet its a forged sender on port 25,
> 
> The server does not even listen on port 25, and if I understand the log 
> correctly, rspamd sees that it is received from a remote address:

port 25 is mta incomming, but port 25 have global content-filter ?

i like to know your mail flows, else i can just give random guess

and how is your rspamd conf

# If false, messages from authenticated users are not selected for 
signing
sign_authenticated = true;

# If false, messages from local networks are not selected for signing
sign_local = true;

# Map file of IP addresses/subnets to consider for signing
# sign_networks = "/some/file"; # or url

did you set sign_networks ?

it must have local auth ips that can sign, not remote ips that are 
client on port 25


> For the time being I have worked around this by setting "sign_local" to 
> "false" in /etc/rspamd/local.d/dkim_signing.conf

did that work ?

> But if this is indeed an issue with mail forwarded by mailman being 
> considered "local", I guess this is an issue that should be adressed.

mail forward is bad habbits like sys4 that breaks dkim on propose at 
just resolved it with take ownerships to the breaked dkim signing 
upostream, when all badness go away by not breaking dkim, it would be 
something to consider, i still avocate to do the arc-sign/arc-seal 
before it ends in mailman proffesional break dkim sillynesss

when postfix maillist runned on cloud9 it was no dkim problem at all, 
life changes, only now dovecot and spamassassin does not break dkim, but 
only dovecot is supporting arc, sadly