Rspamd DKIM unsigned #3598

@ceeim

📝 Preliminary Checks

  • I tried searching for an existing issue and followed the debugging docs advice, but still need assistance.

👀 What Happened?

Rspamd DKIM unsigned, sending emails to mail-tester prompts this issue. Can someone tell me where the problem is? I have no issues when using OpenDKIM.

dkim_signing.conf:

# documentation: https://rspamd.com/doc/modules/dkim_signing.html

enabled = true;

sign_authenticated = true;
sign_local = false;
try_fallback = false;

use_domain = "header";
use_redis = false; # don't change unless Redis also provides the DKIM keys
use_esld = true;
allow_username_mismatch = true;

check_pubkey = true; # you want to use this in the beginning

domain {
    mail-1.com {
        path = "/tmp/docker-mailserver/rspamd/dkim/rsa-2048-mail-mail-1.com.private.txt";
        selector = "mail";
    }
    mail-2.com {
        path = "/tmp/docker-mailserver/rspamd/dkim/rsa-2048-mail-mail-2.com.private.txt";
        selector = "mail";
    }
}

👟 Reproduction Steps

No response

🐋 DMS Version

edge

💻 Operating System and Architecture

ARM64

⚙️ Container configuration files

services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:edge
    container_name: mailserver
    # If the FQDN for your mail-server is only two labels (eg: example.com),
    # you can assign this entirely to `hostname` and remove `domainname`.
    hostname: mx
    domainname: test.com
    env_file: mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/edge/config/security/understanding-the-ports/
    # To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
    ports:
      - "25:25"    # SMTP  (explicit TLS => STARTTLS)
      - "465:465"  # ESMTP (implicit TLS)
      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
      - "993:993"  # IMAP4 (implicit TLS)
    dns:
      - 1.1.1.1
      - 1.0.0.1
      - 2606:4700:4700::1111
      - 2606:4700:4700::1001
    volumes:
      - ./docker-data/mail-data/:/var/mail/
      - ./docker-data/mail-state/:/var/mail-state/
      - ./docker-data/mail-logs/:/var/log/mail/
      - ./docker-data/config/:/tmp/docker-mailserver/
      - ./docker-data/custom-certs/:/tmp/dms/custom-certs/:ro
    environment:
      - OVERRIDE_HOSTNAME=hostname.test.com
      - ONE_DIR=1
      - ENABLE_DNSBL=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_FETCHMAIL=1
      - FETCHMAIL_POLL=60
      - ENABLE_RSPAMD=1
      - ENABLE_OPENDKIM=0
      - ENABLE_OPENDMARC=0
      - ENABLE_POLICYD_SPF=0
      - ENABLE_AMAVIS=0
      - ENABLE_SPAMASSASSIN=0
      - RSPAMD_CHECK_AUTHENTICATED=1
      - RSPAMD_GREYLISTING=1
      - RSPAMD_LEARN=1
      - RSPAMD_HFILTER=1

    restart: always
    stop_grace_period: 1m
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

📜 Relevant log output

mailserver  | Oct 23 16:59:35 mx postfix/submissions/smtpd[11904]: 977791825AB: client=ec1.2.3.4.ap-northeast-1.compute.amazonaws.com[1.2.3.4], sasl_method=PLAIN, [email protected]
mailserver  | Oct 23 16:59:35 mx postfix/sender-cleanup/cleanup[12193]: 977791825AB: message-id=<[email protected]>
mailserver  | Oct 23 16:59:35 mx postfix/sender-cleanup/cleanup[12193]: 977791825AB: replace: header MIME-Version: 1.0 from ec1.2.3.4.ap-northeast-1.compute.amazonaws.com[1.2.3.4]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[10.0.0.118]>: MIME-Version: 1.0
mailserver  | Oct 23 16:59:35 mx postfix/qmgr[955]: 977791825AB: from=<[email protected]>, size=8137, nrcpt=1 (queue active)
mailserver  | Oct 23 16:59:36 mx dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=1.2.3.4, lip=172.27.0.2, mpid=12254, TLS, session=<dmsIcV4IPL0N5t7u>
mailserver  | Oct 23 16:59:37 mx dovecot: imap([email protected])<12254><dmsIcV4IPL0N5t7u>: Logged out in=8213 out=626 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
mailserver  | Oct 23 16:59:37 mx dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=1.2.3.4, lip=172.27.0.2, mpid=12263, TLS, session=<gsEScV4ISr0N5t7u>
mailserver  | Oct 23 16:59:38 mx postfix/smtp[12223]: Anonymous TLS connection established to reception.mail-tester.com[94.23.206.89]:25: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
mailserver  | Oct 23 16:59:39 mx postfix/smtp[12223]: 977791825AB: to=<[email protected]>, relay=reception.mail-tester.com[94.23.206.89]:25, delay=4.4, delays=0.33/0.02/3.4/0.65, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 706E4A0BEE)
mailserver  | Oct 23 16:59:39 mx postfix/qmgr[955]: 977791825AB: removed
mailserver  | Oct 23 16:59:43 mx postfix/smtpd[10600]: warning: milter inet:localhost:11332: can't read SMFIC_OPTNEG reply packet header: Connection timed out
mailserver  | Oct 23 16:59:43 mx postfix/smtpd[10600]: warning: milter inet:localhost:11332: read error in initial handshake

Improvements to this form?

No response
