Postfix/rspamd DKIM signing

Started by bubbel, November 30, 2020, 05:30:27 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
February 26, 2022, 12:38:44 PM #15
If there is an easy to use example, maybe
November 15, 2023, 04:26:44 PM #16
i check the setup file and correct the format for multi-domains - but i dont get any dkim signed mails out of the opnsense.
Is there any changes since this solution was posted?
November 27, 2023, 12:40:55 PM #17
Hi, i have configured it with the setup script and get this config file with modification of the domains for correct syntax. But the mails will not be signed. i make restarts of the servers, reboot the opnsense, but nothing works. here is my config file:

Code Select
root@sense:/usr/local/etc/rspamd/local.d # cat dkim_signing.conf
enabled = true;
allow_envfrom_empty = true;
allow_hdrfrom_mismatch = true;
allow_hdrfrom_multiple = false;
allow_username_mismatch = true;
auth_only = false;
selector = "dkim";
sign_local = true;
symbol = "DKIM_SIGNED";
try_fallback = false;
use_domain = "header";
use_esld = true;
use_redis = true;
key_prefix = "DKIM_KEYS";
path = "/root/dkim/$domain.key";

domain { xxxx.eu      { selector = 'selector2'; },
         xxxx.at      { selector = 'selector2'; },
         xxxx.eu     { selector = 'selector2'; },
         xxxx.at { selector = 'selector2'; },
         xxxx.com { selector = 'selector2'; }
        }


did anyone have a hint for me?
Today at 04:40:10 PM #18
Hi. Since topic is the first result in google, here is my minimalistic step-by-step guide.
Done and tested on 25.7.4.

1. install os-rspamd

2. create folder for dkim key
mkdir usr/local/etc/rspamd/dkim

3. create key
rspamadm dkim_keygen -b 2048 -s email -d yourdomain.com -k /usr/local/etc/rspamd/dkim/email.key /usr/local/etc/rspamd/dkim/email.txt

4. edit owner and acl
chown rspamd /usr/local/etc/rspamd/dkim/email.key
chown 640 /usr/local/etc/rspamd/dkim/email.key

5. disable clamav module
nano /usr/local/etc/rspamd/override.d/antivirus.conf
enabled = false;

6. enable dkim
nano /usr/local/etc/rspamd/override.d/dkim_signing.conf
enabled = true;
sign_local = true; #send from known hosts and networks
sign_inbound = false;
auth_only = false; #send only from authenticated users
use_domain = "header";
allow_hdrfrom_mismatch = false;
allow_username_mismatch = false;

domain {
  yourdomain.com {
    selector = "email";
    path = "/usr/local/etc/rspamd/dkim/email.key";
  }
}

7. test syntax
rspamadm configtest

8. enable plugin and enable antispam in postfix

9. restart both

10. add dns record from /usr/local/etc/rspamd/dkim/email.txt

11. send email and check its properties

?????

DKIM=Pass
Print
Go Up Pages 1 2
User actions