Prerequisites

• Put an X between the brackets on this line if you have done all of the following:
  • Read about bug reporting in general: https://rspamd.com/doc/faq.html#how-to-report-bugs-found-in-rspamd
  • Enabled relevant debugging logs: https://rspamd.com/doc/faq.html#how-to-debug-some-module-in-rspamd
  • Checked the FAQs about Core files in case of fatal crash: https://rspamd.com/doc/faq.html#how-to-figure-out-why-rspamd-process-crashed
  • Tried ASAN package and obtained the ASAN report (if possible): https://rspamd.com/doc/faq.html#asan-builds
  • Checked that your issue isn't already filed: https://github.com/issues?utf8=%E2%9C%93&q=is%3Aissue+user%3Arspamd
  • Checked that there is not already an experimental package or master branch

Describe the bug

This issue closed on May 5 2018, which appears to be related to this PR merged on May 7 2018 with no real context about why that was necessary?

Steps to Reproduce

When I ran rspamadm configdump arc to get the default module settings with Rspamd, I noticed a hard-coded IP that seemed questionable as a default. The arc config section output appears to be from these two files:

• arc.conf (imported via modules.conf)
• cgp.inc (imported via rspamd.conf)

$ docker run --rm -it rspamd/rspamd bash
$ rspamd --version
Rspamd daemon version 3.11.0

$ rspamadm configdump arc
# ... See next snippet below

# Sets `sign_networks` for both arc and dkim sections:
grep -R '127.2.4.7' /usr
/usr/share/rspamd/config/cgp.inc:    sign_networks = [127.2.4.7];
/usr/share/rspamd/config/cgp.inc:    sign_networks = [127.2.4.7];
/usr/share/rspamd/config/cgp.inc:    local_addrs = [127.2.4.7];

rspamadm configdump arc output:

*** Section arc ***
allow_envfrom_empty = true;
allow_hdrfrom_mismatch = true;
allow_hdrfrom_multiple = false;
allow_username_mismatch = false;
selector = "arc";
sign_authenticated = false;
sign_inbound = true;
sign_local = false;
sign_symbol = "ARC_SIGNED";
try_fallback = true;
use_domain = "recipient";
use_esld = true;
use_redis = false;
key_prefix = "ARC_KEYS";
sign_networks [
    "127.2.4.7",
]

*** End of section arc ***

Expected behavior

cgp.inc should not be shipped by Rspamd as part of the default configs?

Otherwise an explanation for why cgp.inc is warranted? Why is this very specific IP to support a proprietary service required? Shouldn't CommuniGate Pro document/handle such custom configuration for Rspamd on their end in their end for their own/customer deployments?

Versions

Present since Rspamd 1.7.5 (2018)

Additional Information

Documentation on sign_networks is light, both ARC and DKIM modules briefly mention it:

A mail is eligible for signing if it is received from an authenticated user, a reserved IP address, or an address in the sign_networks map (if defined)

When using these options, they passthrough all mismatch checks. The only meaningful setting is sign_networks in this mode as it corresponds with OpenDKIM behaviour. Otherwise, Rspamd will perform signing based on matching of the Mime From header with the entries in signing_table