Module dkim_signing: wrong getting domain name from 'header' (MIME From) #1808

Closed
alexxkn opened this issue Aug 24, 2017 · 3 comments

@alexxkn alexxkn commented Aug 24, 2017

Classification (Please choose one option):

  • Crash/Hang/Data loss
  • WebUI/Usability
  • Serious bug
  • Other bug
  • Feature
  • Enhancement

Reproducibility (Please choose one option):

  • Always
  • Sometimes
  • Rarely
  • Unable
  • I didn’t try
  • Not applicable

Rspamd version:

1.6.3

Operation system, CPU, memory and environment:

CentOS 7, kernel 4.12.6, vcpu 4, ram 8Gb

Description (Please provide a descriptive summary of the issue):

Hello. I tried to configure module dkim_signing for signing different domains with different dkim keys.
I have some third-level domains. I sent mail from my postfix with one of them, but rspamd didn't properly select the domain name. I tried to use different settings, but my result is always the same - wrong.
Please, tell me, what am I doing wrong? =)

Steps to reproduce:

telnet first.mydomain.com 25
HELO itsme.localhost
MAIL FROM:user@first.mydomain.com
rcpt to: my_account@gmail.com
DATA
FROM: user@first.mydomain.com
TO: my_account@gmail.com
SUBJECT: DKIM test
DKIM test
.

Expected results:

DKIM: PASS

Actual results:

2017-08-24 09:58:52 #11(normal) <f35cef>; task; lua_dkim_sign_handler: cannot load dkim key /var/lib/rspamd/arc/mydomain.com.arc.key: cannot stat private key /var/lib/rspamd/arc/mydomain.com.arc.key: No such file or directory
2017-08-24 09:58:52 #11(normal) <f35cef>; task; lua_dkim_sign_handler: cannot load dkim key /var/lib/rspamd/dkim/mydomain.com.dkim.key: cannot stat private key /var/lib/rspamd/dkim/mydomain.com.dkim.key: No such file or directory

Configuration:

postfix/main.conf
...
smtpd_milters = inet:first.mydomain.com:11332
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept
milter_protocol = 6
...

rspamd/rspamd.conf
...
dkim_signing {
    allow_envfrom_empty = true;
    allow_hdrfrom_mismatch = false;
    allow_hdrfrom_multiple = false;
    allow_username_mismatch = false;
    auth_only = true;
    sign_local = true;
    symbol = "DKIM_SIGNED";
    try_fallback = true;
    use_domain = "header";
    use_domain_sign_local = "header";
    use_esld = true;
    use_redis = false;

    domain {
        first.mydomain.com {
            path = "/var/lib/rspamd/dkim/first.mydomain.com.key";
            selector = "mail";
        }
    }
}

Additional information:

If I set default path and default selector I see in the original text of the letter:
DKIM: | UNKNOWN, domain nul
dkim=temperror (no key for signature) header.i=@mydomain.com header.s=mail header.b=...;


@moisseev moisseev commented Aug 24, 2017

You need to use variables in default path:

path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector = "mail";

This means your keys are stored in /var/lib/rspamd/dkim/ directory as
first.mydomain.com.mail.key
second.mydomain.com.mail.key
etc.

Using domain {} section is not necessary unless you need specific setting for domains.

Also I'd suggest to not touch default configuration files.
Just create local.d/dkim_signing.conf instead:

path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector = "mail";

@fatalbanana fatalbanana commented Aug 24, 2017

Domains are normalised to eSLDs (use_esld = true) - so adding entry for first.mydomain.com won't work with this enabled, it's looking for mydomain.com.
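
The lookup described in this comment, as an added example that is not part of the original thread and not Rspamd's own code: a simplified Python model of how the signing domain and key path are derived with `use_esld` on and off. The tiny suffix set stands in for the Public Suffix List, the function names are hypothetical, and the default selector `dkim` is inferred from the path in the reporter's log.

```python
# Simplified model of the lookup discussed in this thread; not Rspamd's code.
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List (assumption for this example).
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}


def esld(domain):
    """Reduce a domain to its effective second-level domain (suffix + one label)."""
    labels = domain.lower().rstrip(".").split(".")
    # Scan from the longest candidate suffix to the shortest.
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels)  # no known suffix: leave unchanged


def signing_domain(from_header, use_esld):
    """Domain taken from the MIME From header, normalised when use_esld is set."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        raise ValueError("no domain in From header")
    return esld(domain) if use_esld else domain


def resolve_key(from_header, use_esld, domain_section, default_path, default_selector):
    """Return (domain, selector, key path) the signer would look for."""
    domain = signing_domain(from_header, use_esld)
    entry = domain_section.get(domain, {})  # per-domain entry is keyed by the derived domain
    selector = entry.get("selector", default_selector)
    template = entry.get("path", default_path)
    path = template.replace("$domain", domain).replace("$selector", selector)
    return domain, selector, path


# Values from the issue; the "dkim" default selector is inferred from the logged path.
DOMAIN_SECTION = {"first.mydomain.com": {
    "path": "/var/lib/rspamd/dkim/first.mydomain.com.key", "selector": "mail"}}
DEFAULT_PATH = "/var/lib/rspamd/dkim/$domain.$selector.key"
FROM = "user@first.mydomain.com"

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, resolve_key(FROM, flag, DOMAIN_SECTION, DEFAULT_PATH, "dkim"))
```

With `use_esld` on, the model skips the `first.mydomain.com` entry and asks for the same `mydomain.com.dkim.key` path that appears in the log above; with it off, the per-domain entry matches.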


@alexxkn alexxkn commented Aug 24, 2017

@moisseev

> You need to use variables in default path:

You are right - it's the best way, but I just want to show an example.

> Also I'd suggest to not touch default configuration files.

Certainly.

@fatalbanana My fault, I don't know what eSLD is. Without it everything works.

Thank you so much, guys!
Please, close the issue.

@fatalbanana fatalbanana closed this Sep 6, 2017