General questions for rspamd

Discussion in 'Installation/Configuration' started by Domi, Mar 14, 2020.

  1. Domi

    Domi New Member

    Hi guys, last Sunday i installed 'rspamd' on one of my servers and it works fine. But now i have some questions...
    I have more than one E-Mail Domains on my Server and one of these Domains has an E-Mail Account. These Account collect all of my forwarding Mails. I use Thunderbird to get the Mails with IMAP and have two (or more) identities but one SMTP Account for smtp-auto on postfix.

    The smtp-auth Account is (example) [email protected] and if i send a mail from domain1.tld will the dkim-signature append on my mails. Now comes the funny fact, if i send a mail from my second identitie (domain2.tld) and use my smtp-auth from domain1.tld, the dkim-signature will not be append to my send mails. Does exist an option to add the dkim-signature to my send mails, if i use the second identitie and these only smtp-auth account?

    Example,
    - [email protected] (my inbox, primary account in ispconfig and on my Server)
    - [email protected] (forwarding to [email protected] and second identitie on thunderbird)
    - [email protected] (forwarding to [email protected], another identitie on thunderbird)

    If i write and send a mail from [email protected], rspamd add my dkim-signature. That makes sense, i send a mail from the same domain like the smtp-auth :) But how can i explain rspamd, that he should add the dkim-signature if i use my only smtp-auth Account and will send with some of my other identities?

    I hope i could explain one of my question with my broken english :)

    Greetings from Germany
    Domi

    Edit: I think i have found a solution... with the default setting from the most "howto install rspamd on ispconfig", it doesn't work. But i have edit the settings and now i can auth with my smtp User and send with some of my domains and the dkim-signature will add to the header of my mails :)
    # local.d/dkim_signing.conf
    # If false, messages with empty envelope from are not signed
    allow_envfrom_empty = true;

    # If true, envelope/header domain mismatch is ignored
    allow_hdrfrom_mismatch = false;

    # If true, multiple from headers are allowed (but only first is used)
    allow_hdrfrom_multiple = false;

    # If true, username does not need to contain matching domain
    allow_username_mismatch = true;

    # Default selector to use
    selector = "default";

    # If false, messages from authenticated users are not selected for signing
    #sign_authenticated = true;

    # If false, messages from local networks are not selected for signing
    sign_local = true;

    # Map file of IP addresses/subnets to consider for signing
    # sign_networks = "/some/file"; # or url

    # Symbol to add when message is signed
    symbol = "DKIM_SIGNED";

    # Whether to fallback to global config
    try_fallback = false;

    # Domain to use for DKIM signing: can be "header" (MIME From), "envelope" (SMTP From) or "auth" (SMTP username)
    use_domain = "header";

    # Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth")
    #use_domain_sign_networks = "header";

    # Domain to use for DKIM signing when sender is a local IP ("header"/"envelope"/"auth")
    #use_domain_sign_local = "header";

    # Whether to normalise domains to eSLD
    use_esld = false;

    # Whether to get keys from Redis
    use_redis = false;

    # Hash for DKIM keys in Redis
    key_prefix = "DKIM_KEYS";

    # map of domains -> names of selectors (since rspamd 1.5.3)
    selector_map = "/etc/rspamd/local.d/dkim_selectors.map";

    # map of domains -> paths to keys (since rspamd 1.5.3)
    path_map = "/etc/rspamd/local.d/dkim_domains.map";

    # If `true` get pubkey from DNS record and check if it matches private key
    check_pubkey = false;

    # Set to `false` if you want to skip signing if public and private keys mismatch
    allow_pubkey_mismatch = true;
     
    Last edited: Mar 17, 2020

Share This Page