Good morning, I would like to ask a question, I use ISPConfig 3 on debian 12 with postfix + dovecot + rspamd everything is working, however the DKIM signature is inserted only if the email leaves SMTP, while for emails delivered locally via LMTP no signature is added. Is it possible to force local email delivery via the SMTP protocol or force DKIM signing? I understand that the signature on locally delivered emails does not make much sense for many cases, but by configuring email addresses via providers like gmail, when you send the email to another email configured in another GMAIL account the alert message appears because it is not DKIM signature present.
DKIm signing is done by rspamd, normally sign_local should be active and this is not overridden by ISPConfig config file, but you might want to check the rspamd config files on your system. I'm not sure though if sign_local also includes lmtp, you might want to take a look into rspamd documentation.
unfortunately the rspamd sign_local option is already active, I also believe that it is not applied on lmtp, Isn't there a way to use smtp instead of lmtp? or make postfix believe that the domain is not present among the aliases on the server?
I just made a test with a locally delivered email. I created a test domain, enabled dkim for it, and created a mailbox under this domain. I then used roundcube webmail to log in to the newly created mailbox on the same server and sent an email to the same mailbox I was logged in. RoundCube sends this to localhost, so it never leaves the server and gets signed correctly with Dkim. Debian 12, standard ISPConfig setup. Code: Return-Path: <[email protected]> Delivered-To: [email protected] Received: from server1.example.com by server1.example.com with LMTP id XhbkIZoeOGWCCwAAbNMUsw (envelope-from <[email protected]>) for <[email protected]>; Tue, 24 Oct 2023 21:44:26 +0200 Received: from server1.example.com (localhost [IPv6:::1]) (Authenticated sender: [email protected]) by server1.example.com (Postfix) with ESMTPA id 5C7DDDFF9F for <[email protected]>; Tue, 24 Oct 2023 21:44:25 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=test.int; s=default; t=1698176665; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=co1rW9N0+V2zZl92t5Vm28PnX/EZvEL4zGaQnKla2lg=; b=HFjANCfziEAQDrgVedkQJFr/KkK8exySeEn5h0zXLuMvZ0q+uQlw5Eh9Ympi3wNoHBEI/c 3Sb6HzM1kdTnCd+0ZTbW/iK6BwThrhKWYKyE3JxHvSINBg4zQx2mQOCcrEXQQ6marQ/yEq ttbjXzspRhqzFgBAxUFNHTQTSiAPtxzGWEd0pHRmiGt8esewvjf0d28lJ5MkQrfilsr0pK L5a32KPpasBU8lnPJu+YmZnUdCUK/GOlA8ezrRCnGWsUVyntFOoQwMCUlwv4w+YjNChVp7 w24a2ukET5cLWf4hWiYYw8bkOziuVSOZoog2YuK7FOF7QEmCRmxrmjWkkxzx7Q== MIME-Version: 1.0 Date: Tue, 24 Oct 2023 21:44:25 +0200 From: [email protected] To: [email protected] So the question is how exactly you deliver them locally, as sending emails on the same server does not prevent them from being signed and as you can see, delivery happened with LTMP too here " Received: from server1.example.com by server1.example.com with LMTP". Maybe you use just a wrong from address, which does not has a DKIM signature assigned to it.
Thanks till, I don't know why, but I reinstalled from 0 again and the signing was successful. Yesterday I always performed an installation from scratch but as a secondary server only mail (expert), today I preferred to perform a complete installation (no expert) and everything works correctly. I don't know if it matters but yesterday I installed by running Code: wget -O - https://get.ispconfig.org | sh -s -- --no-dns --no-local-dns --no-roundcube --no-pma --no-mailman --no-quota --no-ntp --no-jailkit --no-ftp --monit --monit-alert-email=xxx --ssh-permit-root=without-password --ssh-password-authentication=no --ssh-harden Today Code: wget -O - https://get.ispconfig.org | sh -s -- --use-php=system --no-dns --no-local-dns --roundcube --no-mailman --no-quota --no-ntp --no-ftp --monit --monit-alert-email=xxx --unattended-upgrades=autoclean I need to use --no-ntp because i install ntp on debian setup. Thank you again.
