[Rspamd-Users] First Time: DKIM Signing Only
Allen, Norton T.
allen at huarp.harvard.edu
Thu Jan 25 18:49:25 UTC 2024
On 1/24/2024 6:21 PM, Gerald Galster wrote:
> while others will be sent out. The ARC and DKIM Signing modules'
>> docs list a number of conditions they consider before signing,
>> although they don't explicitly mention that the message must be
>> heading outbound. Is it possible these already provide most of the
>> filtering required?
> Yes.
>
>> o [I will definitely be using settings to limit what is signed
>> during testing!]
>> * If it is up to me, is there a standard recipe to identify outbound mail?
> For dkim-signing replace outbound with authenticated. The direction does
> not matter but usually only authenticated users can send emails, so
> dkim-signed mails are usually outbound.
DKIM signing authenticated email is certainly something we'll need, so
thanks for that. The mailing lists are more complicated. Incoming mail
comes in via SMTP, so not authenticated, and is delivered via local(8)
to the mailing list software. The message is then resubmitted after
minor modifications via sendmail(1). If I understand correctly, I will
need to identify the two cases separately. Since the messages will be
modified, they need to be ARC-signed when they first arrive, then they
need to be DKIM-signed after resubmission. Presumably something like
this should work for the first case:
inbound_list_email { rcpt = my-internal-incoming-mail-alias1; rcpt =
my-internal-incoming-mail-alias2; apply { symbols_enabled =
["ARC_SIGNED"]; } }
For the second case, is there some way I can pass in an argument via
sendmail that I can use to identify outbound mailing list messages? If
so, I could use that to enable DKIM signing and ideally DMARC munging as
well.
More information about the Users
mailing list