Skip to content

DKIM subdomain support #1317

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
FinnJanik opened this issue Mar 20, 2025 · 0 comments
Open

DKIM subdomain support #1317

FinnJanik opened this issue Mar 20, 2025 · 0 comments
Assignees
@d00p

Comments

@FinnJanik
Copy link

FinnJanik commented Mar 20, 2025
edited
Loading

Describe the bug
When I add a subdomain to froxlor, like some-name.domain.tld everything works fine, except the DKIM signature of the individual email messages. rsmapd tries to access /var/lib/rspamd/dkim/domain.tld.dkim.key, which ofcourse wasn't configured by froxlor, as the mail sending domain is some-name.domain.tld. After some research and debugging I found that when adding use_esld = false to the /etc/rspamd/local.d/dkim_signing.conf the DKIM signature is added to the message. Apparently rspamd only extracts the root domain part when using $domain as a variable.

System information

  • Froxlor version: 2.2.6
  • PHP sapi & version: php-fpm 8.3
  • Web server: nginx
  • DNS server: Bind
  • POP/IMAP server: Dovecot
  • SMTP server: postfix
  • FTP server: proftpd
  • OS/Version: Ubuntu 24.04.2 LTS

To Reproduce
Steps to reproduce the behavior:

  1. Create a new domain in froxlor like some-domain.domain.tld
  2. Enable the domain as EmailDomain and enable DomainKeys
  3. Set the required DNS entries (spf, dmarc, dkim)
  4. Create an inbox including account for the domain some-inbox@some-domain.domain.tld
  5. Send an email from some-inbox@some-domain.domain.tld
  6. Check that there is no DKIM signature attached to the email
  7. Open the rspamd logfile and see, that it was tried to load the key file from domain.tld.dkim.key

Expected behavior
Also with non root domains DKIM signing should work as expected. use_esld = false should be added to the /etc/rspamd/local.d/dkim_signing.conf file in the froxlor configuration files.

Logfiles
2025-03-20 10:41:18 #149724(normal) <20CAB3>; lua; settings.lua:387: <608d5a05bf0990b55676c6707e51115e@some-domain.domain.tld> apply static settings frx_5806ae255305e63ec5e8a703d36114e0_from (id = 1198715664); from matched; priority medium 2025-03-20 10:41:18 #149724(normal) <20CAB3>; task; dkim_symbol_callback: skip DKIM checks for local networks and authorized users 2025-03-20 10:41:18 #149724(normal) <20CAB3>; lua; spf.lua:189: skip SPF checks for local networks and authorized users 2025-03-20 10:41:18 #149724(normal) <20CAB3>; lua; dmarc.lua:360: skip DMARC checks as either SPF or DKIM were not checked 2025-03-20 10:41:18 #149724(normal) <20CAB3>; task; dkim_module_load_key_format: cannot load dkim key /var/lib/rspamd/dkim/domain.tld.dkim.key: cannot stat key file: '/var/lib/rspamd/dkim/domain.tld.dkim.key' No such file or directory
@d00p d00p self-assigned this Mar 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@d00p d00p

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@d00p @FinnJanik