ISPConfig 3.2.11 + Postfix + rspamd + DKIM for local delivery

Discussion in 'Installation/Configuration' started by StefanoAI, Oct 24, 2023.

  1. StefanoAI

    StefanoAI New Member

    Good morning, I would like to ask a question,
    I use ISPConfig 3 on debian 12 with
    postfix + dovecot + rspamd
    everything is working, however the DKIM signature is inserted only if the email leaves SMTP, while for emails delivered locally via LMTP no signature is added.
    Is it possible to force local email delivery via the SMTP protocol or force DKIM signing?

    I understand that the signature on locally delivered emails does not make much sense for many cases, but by configuring email addresses via providers like gmail, when you send the email to another email configured in another GMAIL account the alert message appears because no DKIM signature is present.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    DKIM signing is done by rspamd, normally sign_local should be active and this is not overridden by ISPConfig config file, but you might want to check the rspamd config files on your system. I'm not sure though if sign_local also includes lmtp, you might want to take a look into rspamd documentation.
     
  3. StefanoAI

    StefanoAI New Member

    Unfortunately the rspamd sign_local option is already active, I also believe that it is not applied on lmtp.
    Isn't there a way to use smtp instead of lmtp,
    or make postfix believe that the domain is not present among the aliases on the server?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    I just made a test with a locally delivered email. I created a test domain, enabled dkim for it, and created a mailbox under this domain. I then used roundcube webmail to log in to the newly created mailbox on the same server and sent an email to the same mailbox I was logged in. RoundCube sends this to localhost, so it never leaves the server and gets signed correctly with Dkim. Debian 12, standard ISPConfig setup.

    Code:
    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: from server1.example.com
        by server1.example.com with LMTP
        id XhbkIZoeOGWCCwAAbNMUsw
        (envelope-from <[email protected]>)
        for <[email protected]>; Tue, 24 Oct 2023 21:44:26 +0200
    Received: from server1.example.com (localhost [IPv6:::1])
        (Authenticated sender: [email protected])
        by server1.example.com (Postfix) with ESMTPA id 5C7DDDFF9F
        for <[email protected]>; Tue, 24 Oct 2023 21:44:25 +0200 (CEST)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=test.int; s=default;
        t=1698176665;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding;
        bh=co1rW9N0+V2zZl92t5Vm28PnX/EZvEL4zGaQnKla2lg=;
        b=HFjANCfziEAQDrgVedkQJFr/KkK8exySeEn5h0zXLuMvZ0q+uQlw5Eh9Ympi3wNoHBEI/c
        3Sb6HzM1kdTnCd+0ZTbW/iK6BwThrhKWYKyE3JxHvSINBg4zQx2mQOCcrEXQQ6marQ/yEq
        ttbjXzspRhqzFgBAxUFNHTQTSiAPtxzGWEd0pHRmiGt8esewvjf0d28lJ5MkQrfilsr0pK
        L5a32KPpasBU8lnPJu+YmZnUdCUK/GOlA8ezrRCnGWsUVyntFOoQwMCUlwv4w+YjNChVp7
        w24a2ukET5cLWf4hWiYYw8bkOziuVSOZoog2YuK7FOF7QEmCRmxrmjWkkxzx7Q==
    MIME-Version: 1.0
    Date: Tue, 24 Oct 2023 21:44:25 +0200
    From: [email protected]
    To: [email protected]

    So the question is how exactly you deliver them locally, as sending emails on the same server does not prevent them from being signed and, as you can see, delivery happened with LMTP too here: "Received: from server1.example.com by server1.example.com with LMTP". Maybe you just use a wrong from address, which does not have a DKIM signature assigned to it.
     
    StefanoAI and ahrasis like this.
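
The header check till does by eye in the post above (is a DKIM-Signature present, which hops did the message take, does d= match the From domain), as an added Python example that is not part of the thread. The sample message is constructed with placeholder addresses and shortened bh=/b= values; the script checks presence and domain match only and does not verify the signature cryptographically.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers in the post above; the addresses
# and the shortened bh=/b= values are placeholders, not data from the thread.
SAMPLE = """\
Return-Path: <user@test.int>
Received: from server1.example.com
\tby server1.example.com with LMTP
\tfor <user@test.int>; Tue, 24 Oct 2023 21:44:26 +0200
Received: from server1.example.com (localhost [IPv6:::1])
\t(Authenticated sender: user@test.int)
\tby server1.example.com (Postfix) with ESMTPA id CONSTRUCTED
\tfor <user@test.int>; Tue, 24 Oct 2023 21:44:25 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=test.int; s=default;
\tt=1698176665; h=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER==
From: user@test.int
To: user@test.int
Subject: local delivery test

body
"""

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:  # skip empty fragments such as the one after a trailing ';'
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def inspect_headers(raw):
    """Report delivery hops, DKIM signing domains and whether one matches From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Protocol named in each Received header, newest hop first (LMTP, ESMTPA, ...)
    hops = [m.group(1).upper() for h in msg.get_all("Received", [])
            if (m := re.search(r"\bwith\s+(\w+)", h))]
    sigs = [dkim_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    domains = [s.get("d", "").lower() for s in sigs]
    # Exact match only: a From domain with no signature whose d= equals it is unaligned
    return {"from_domain": from_domain, "hops": hops,
            "signing_domains": domains, "selectors": [s.get("s", "") for s in sigs],
            "aligned": bool(from_domain) and from_domain in domains}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE))
```

Feeding it the raw source of a delivered message shows at a glance whether the LMTP-delivered copy carries a signature and whether the sender address belongs to the domain that was signed.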
  5. StefanoAI

    StefanoAI New Member

    Thanks till,
    I don't know why, but I reinstalled from 0 again and the signing was successful.
    Yesterday I always performed an installation from scratch but as a secondary server only mail (expert), today I preferred to perform a complete installation (no expert) and everything works correctly.

    I don't know if it matters but yesterday I installed by running
    Code:
    wget -O - https://get.ispconfig.org | sh -s -- --no-dns --no-local-dns --no-roundcube --no-pma --no-mailman --no-quota --no-ntp --no-jailkit --no-ftp --monit --monit-alert-email=xxx --ssh-permit-root=without-password --ssh-password-authentication=no --ssh-harden
    Today
    Code:
    wget -O - https://get.ispconfig.org | sh -s -- --use-php=system --no-dns --no-local-dns --roundcube --no-mailman --no-quota --no-ntp --no-ftp --monit --monit-alert-email=xxx --unattended-upgrades=autoclean
    I need to use --no-ntp because I install ntp on debian setup.

    Thank you again.
     
    Th0m and ahrasis like this.
