[Rspamd-Users] phpmail() generated mail is not signed regardless of sign_local=true

Johannes Rohr johannes at rohr.org
Mon Jan 22 12:44:48 UTC 2024


On 22.01.24 at 12:47, Albrecht Backhaus wrote:
>
>>> DKIM signatures are only added when you use SMTP
>>> authentication (the DKIM feature would be pretty useless if
>>> there were no authentication at all ...)
>>
>> That seems to be not quite the case. It is also added to mails
>> submitted via sendmail, just not to mails submitted through the
>> mechanism that PHP's mail() uses, whatever it is. The mails I am
>> concerned about do originate from a local user on the server
>> (www-data), so there would be no reason not to authenticate it as
>> coming from this server's FQDN. Or am I missing something?
>
> That question is not easy to answer without knowing more about the 
> complete setting. What kind of mail server do you use etc. ....
Nothing unusual. Using Postfix, nginx, PHP-FPM, running as user
www-data, pretty standard stuff, I'd say.
>
> I personally would never assume that there is no reason to
> authenticate local email, only because the sender is saying "I am
> www-data.domain.tld".

According to that logic, rspamd should also refuse to sign mail
delivered to the MTA via mail, mailx or sendmail. But somehow, in those
cases it does, just not when the mail is generated by the PHP mail()
function. The only difference seems to be that the latter uses the
loopback interface rather than sendmail.

When the local user www-data delivers mail through the loopback 
interface, you can be just as sure that it originates from the local 
machine as when mail is delivered via sendmail. I therefore can't think 
of any reason not to authenticate it as coming from the local machine.

>
> I am sure that there are suitable plugins for WordPress which are able
> to use SMTP auth - another workaround could be to use a function to do
> the same.

Yes, there are. And I have installed them in those WordPress instances
that I maintain, but there are several dozen more instances on my
server, and the bounces are always sent to www-data, rather than to the
owner of the respective WP instance. So I am looking for a solution that
covers all of them.

Cheers,

Johannes

>
> Regards, Albrecht
>
>