-
-
Notifications
You must be signed in to change notification settings - Fork 378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DKIM signing on foreign domains #2832
Comments
same result |
I don't understand your question. There are lots of knobs to control signing and I have neither time nor desire to explore your particular setup. So my question is if there is any issue with Rspamd that cannot be resolved by some proper configuration? |
rspamd tries to sign EVERY mail that goes through the milter, but it should only sign mails with sender domains that are listed in the domain{} section. |
Then there is something wrong with your configuration. |
Could you please show some logs? I'd like to check with my setup.
Am Mi., 3. Apr. 2019 um 16:03 Uhr schrieb Vsevolod Stakhov <
notifications@github.com>:
… Then there is something wrong with your configuration.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#2832 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ACUF2lf5kharhVxcZngAW2_EcSxC9rpfks5vdLTCgaJpZM4cYxN0>
.
|
Thats a very helpful answer :-( |
@hildeb: at the moment I have no error messages because I resetted them. In the error log of webui I saw error messages that it could not find the signing key (for the foreign sender domains) |
Are you suggesting me to telepathically get your relevant config or debug
logs? Enable debugging for dkim_signing module and provide your local
config (maybe replacing actual domains or keys). Such discussions should
also happen in the mailing list, as the issue tracker is for bug reports
mainly and not a general help channel for Rspamd.
…On 3 April 2019 15:08:08 busybit ***@***.***> wrote:
Thats a very helpful answer :-(
Maybe the documentation of the dkim signing modul is missing some explanation?
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
#2832 (comment)
|
cannot load dkim key /var/lib/rspamd/dkim/tomsk.ru.dkim.key: cannot stat key file: '/var/lib/rspamd/dkim/tomsk.ru.dkim.key' Нет такого файла или каталога |
That's not a debug log.
…On 3 April 2019 16:00:15 toto4ds ***@***.***> wrote:
cannot load dkim key /var/lib/rspamd/dkim/tomsk.ru.dkim.key: cannot stat
key file: '/var/lib/rspamd/dkim/tomsk.ru.dkim.key' Нет такого файла или
каталога
--
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
#2832 (comment)
|
@vstakhov: I tried it on the mailing list but got no answer. And I assume its a bug when it tries signing domains which are not listed in the domain{} section. Maybe its a lack of documentation for proper setup, but then its a bug in documentation. |
To understand your problem I need two things: your local config and debug logs for https://rspamd.com/doc/faq.html#how-to-debug-some-module-in-rspamd |
Ok, here is the config an a debug log of dkim_signing on a mail received from gmail and forwarded through sieve rule. |
You have default_path and allows fallback. Hence, Rspamd tries to load keys in the default path. That's all expected behaviour and debug logs clearly show what's happening there:
You can disable fallback for your case and Rspamd will use merely specifically defined domains. |
Classification (Please choose one option):
Reproducibility (Please choose one option):
Rspamd version: 1.9.0
Operation system Debian Stretch, CPU amd64:
Description (Please provide a descriptive summary of the issue):
DKIM signing module tries signing for foreign domains
Compile errors (if any):
Relevant logs (see details here):
Expected results:
No signing on foreign domains
Actual results:
Debugging information (see details here):
Configuration (e.g.
rspamadm configdump module
):Additional information:
I'm using rspamd for dkim signing on outgoing mails through postfix milter. This generally works, but rspamd does not distinguish on sender domains. When forwarding mail through dovecot sieve rules, mails passes rspamd milter and it tries to sign the mail. But when forwarding mails, the sender ist different from the local domain, and rspamd does not find a key for signing, resulting in an error.
rspamd should only try to sign sender domains listed in the domain section of configuration.
The text was updated successfully, but these errors were encountered: