dkim_signing not signing when NOT from localhost #1768

Closed
2 of 12 tasks
johnwmail opened this issue Jul 24, 2017 · 5 comments

johnwmail commented Jul 24, 2017

Classification (Please choose one option):

  • Crash/Hang/Data loss
  • WebUI/Usability
  • Serious bug
  • Other bug
  • Feature
  • Enhancement

Reproducibility (Please choose one option):

  • Always
  • Sometimes
  • Rarely
  • Unable
  • I didn’t try
  • Not applicable

Rspamd version:

1.6.2

Operation system, CPU, memory and environment:

OpenBSD, Intel 64bit, 8G ram

Description (Please provide a descriptive summary of the issue):

I set up dkim_signing for signing DKIM header/mail.
I noticed it works only when I use webmail (from localhost/127.0.1).

It does not work / does not sign when I use K9mail (mobile) or Thunderbird (desktop);
both are not from (localhost/127.0.0.1).

I enabled debug log for dkim_signing
debug_modules = ["dkim_signing"];

and I saw this in the log when I use K9mail/Thunderbird (this one does NOT work)
dkim_signing; dkim_sign_tools.lua:95: use domain(header) for signature: wonghome.net
dkim_signing; dkim_sign_tools.lua:121: couldnt find domain in username

When I use webmail (rspamd added the DKIM signature to the header/mail), I saw this (this one WORKS)
dkim_signing; dkim_sign_tools.lua:38: mail is from local address
dkim_signing; dkim_sign_tools.lua:95: use domain(header) for signature: wonghome.net

How do I debug / find out what the problem is?

Please help, thank you.

Compile errors (if any):

Steps to reproduce:

Expected results:

Actual results:

Debugging information (see details here):

Configuration:

my /etc/rspamd/local.d/milter_headers.conf
strict_auth = true;

my /etc/rspamd/local.d/dkim_signing.conf

allow_envfrom_empty = true;
allow_hdrfrom_mismatch = false;
allow_hdrfrom_multiple = false;
allow_username_mismatch = false;
auth_only = true;
path = "/etc/dkim/$domain/$selector.key";
selector = "mail";
sign_local = true;
symbol = "DKIM_SIGNED";
try_fallback = true;
use_domain = "header";
use_esld = true;
use_redis = false;
key_prefix = "DKIM_KEYS";

domain {
  wonghome.net {
    path = "/etc/dkim/wonghome.net/mail.key";
    selector = "mail";
  }
}

Additional information:

@fatalbanana
Member

The DKIM signing module uses some predefined policy (subject to configuration) to determine which mails it should sign and with what domain. It wants to see that authenticated usernames contain the DKIM signing domain; in your case usernames are unqualified, so that won't work. You'll want to set allow_username_mismatch = true;.

@johnwmail
Author

OK, but I also want to know what username rspamd saw and why it does not match.
How can I see/debug it?
Because I use the same username to log in to my mail server all the time.
Thanks.

@johnwmail
Author

allow_username_mismatch = false;

If false, messages from authenticated users are not selected for signing

Copied from https://rspamd.com/doc/modules/dkim_signing.html#principles-of-operation

Why are authenticated users not selected for signing?

Thanks.

@fatalbanana
Member

Descriptions are above settings:

# If true, username does not need to contain matching domain
allow_username_mismatch = false;

# If false, messages from authenticated users are not selected for signing
auth_only = true;

Rspamd logs know about usernames:

#26211(normal) <3c83ae>; task; rspamd_task_write_log: id: <x@y>, ip: 127.0.0.1, user: bob, [...]
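
Added example, not part of the thread and not rspamd's own code: a Python script that reads the user field from task log lines in the format quoted above and applies a simplified model of the signing policy described in this thread, so unqualified usernames that block signing can be spotted in a log. The function names, the sample log lines, treating "unknown" as no authenticated user, and treating loopback as the only local address are assumptions.

```python
import ipaddress
import re

# Task summary line as quoted in the thread: "... id: <x@y>, ip: 127.0.0.1, user: bob, [...]"
TASK_LOG = re.compile(
    r"rspamd_task_write_log: id: <(?P<id>[^>]*)>.*?\bip: (?P<ip>[^,\s]+), user: (?P<user>[^,]+),"
)

def signing_verdict(ip, user, sign_domain, allow_username_mismatch=False,
                    auth_only=True, sign_local=True):
    """Simplified model of the policy described in the thread (not rspamd code)."""
    # Assumption: loopback stands in for rspamd's configurable local address list.
    is_local = ipaddress.ip_address(ip).is_loopback
    # Assumption: "unknown" in the log means no authenticated user.
    authed = user not in (None, "", "unknown")
    if auth_only and not authed:
        if sign_local and is_local:
            return "sign (mail is from local address)"
        return "skip (unauthenticated)"
    if authed and not allow_username_mismatch:
        _, at, user_domain = user.rpartition("@")
        if not at:
            return "skip (no domain in username)"
        # Exact comparison only; the use_esld normalisation is left out.
        if user_domain.lower() != sign_domain.lower():
            return "skip (username domain mismatch)"
    return "sign"

def audit(log_text, sign_domain, **settings):
    """Return (message id, user, verdict) for every task line found in log_text."""
    rows = []
    for line in log_text.splitlines():
        m = TASK_LOG.search(line)
        if m:
            user = m.group("user").strip()
            rows.append((m.group("id"), user,
                         signing_verdict(m.group("ip"), user, sign_domain, **settings)))
    return rows

# Constructed sample lines in the format shown above (addresses and users are made up).
SAMPLE_LOG = """\
#26211(normal) <3c83ae>; task; rspamd_task_write_log: id: <a@wonghome.net>, ip: 203.0.113.7, user: bob, [...]
#26211(normal) <3c83af>; task; rspamd_task_write_log: id: <b@wonghome.net>, ip: 203.0.113.7, user: bob@wonghome.net, [...]
#26211(normal) <3c83b0>; task; rspamd_task_write_log: id: <c@wonghome.net>, ip: 127.0.0.1, user: unknown, [...]
#26211(normal) <3c83b1>; task; rspamd_task_write_log: id: <d@wonghome.net>, ip: 203.0.113.7, user: bob@example.org, [...]
"""

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, "wonghome.net"):
        print(*row, sep="\t")
```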

@johnwmail
Author

Yes, it works now, thank you.
