Hello, I am struggling with the the problem that rspamd is not signing alias mails, I have a main mailbox called mail@domain,tld and for this account an alias mail named post@aliasdomain,tld (Allow target to send mail using this alias as origin - enabled), DKIM signing is working fine for the main mail itself, If I write a mail with my email client from post@seconddomain,tld, but with the same mailbox account, the mail gets sent but not signed with DKIM, If I create a separate mailbox on seconddomain,tld, DKIM signing is working properly, The correct private and public keys are created for the domains itself, Code: [/var/lib/amavis/dkim] └──╼ # ls -la total 64 drwxr-x--- 2 _rspamd _rspamd 4096 Mar 29 13:45 . drwxr-x--- 3 _rspamd _rspamd 4096 May 27 2020 .. -rw-r--r-- 1 root root 1702 Mar 29 13:16 mail@domain,tld,private -rw-r--r-- 1 root root 451 Mar 29 13:16 mail@domain,tld,public -rw-r--r-- 1 root root 1706 Mar 29 13:16 post@seconddomain,tld,private -rw-r--r-- 1 root root 451 Mar 29 13:16 post@seconddomain,tld,public Code: cat dkim_domains,map domain,tld /var/lib/amavis/dkim/domain,tld,private seconddomain,tld /var/lib/amavis/dkim/seconddomain,tld,private Code: cat dkim_selectors,map domain,tld default seconddomain,tld default On my rspamd dashboard the error "no actions in settings: ispc_mail_forwarding_14" is shown, Does someone have an idea why my alias mails are not signed?
What you describe is the default rspamd behavior: If envelope from address is not empty, the effective second level domain must match the MIME header From If authenticated user is present, this should be suffixed with @domain where domain is what’s seen in the envelope/header From address Try setting `allow_hdrfrom_mismatch = true;` and `allow_username_mismatch = true;' in /etc/rspamd/local.d/dkim_signing.conf (and you'll have to use a conf-custom template to make that change survive ISPConfig updates). @Croydon: I would propose we set these two automatically if reject_sender_login_mismatch is true. (Without rslm enabled I'd leave them false to avoid one customer sending spoofed mail that is also dkim signed.)
Unfortunately the issue reappeared after I updated to ISPConfig 3.2.5, although I still have the config changes in place. Any ideas? Thanks in advance! Fixed the issue by checking, which I have activated before but got somehow disabled: System-->Server Config-->Mail--> Reject sender and login mismatch