[Rspamd-Users] DKIM keys in Redis
Alexander Huemer
oowieph7aede at xx.vu
Mon Nov 25 20:58:55 UTC 2024
On Sat, Nov 23, 2024 at 07:03:42AM +0100, Gerald Galster wrote:
> https://rspamd.com/doc/modules/dkim_signing.html#principles-of-operation
>
> "The default global configuration (fallback mode) searches for keys at
> the defined path. This path is constructed using the eSLD normalized
> domain name of the header from and the default selector defined with
> selector (dkim). For example, the search path for user at test.example.com
> would be /var/lib/rspamd/dkim/example.com.dkim.key. If a key is found,
> the message will be signed."
>
> https://rspamd.com/doc/modules/dkim_signing.html#configuration
>
> # Default path to key, can include '$domain' and '$selector' variables
> path = "/var/lib/rspamd/dkim/$domain.$selector.key";
>
> # Default selector to use
> selector = "dkim";
>
> Rspamd will look for a key in /var/lib/rspamd/dkim/$domain.dkim.key
> by default.
>
> Just create a key like:
>
> /usr/bin/rspamadm dkim_keygen -s dkim -b 2048 -d yourdomain.com
> -k /var/lib/rspamd/dkim/yourdomain.com.dkim.key
>
> /bin/chown _rspamd:_rspamd /var/lib/rspamd/dkim/yourdomain.com.dkim.key
>
> This will save the private key in /var/lib/rspamd/dkim/...
> and print the dkim._domainkey data that has to be published via DNS.
>
> The key is a static file then, that is very easy to backup (cp, tar, rsync).
>
> Also have a look at rspamd.log (or journalctl): when a sasl authenticated
> user sends an email rspamd logs its search for a dkim key.
This is good advice, thank you.
I won't bother with Redis and just do this.
-Alex
More information about the Users
mailing list