The issue, in detail

Let’s say, you have a mail server, reachable at There is more than one domain assigned to it (, but also, so you can create aliases for your main email account (, and you can send using these aliases:


as well.

You’ve set up DKIM signing using rspamd. Your dkim_signing.conf looks like this:

path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector_map = "/etc/rspamd/";

You’ve set up domainkey TXT records for both domains, and the selectors are set up. Yet, when you send an email as, from your user account, the DKIM key does not get attached.

The cause

The issue stems from rspamd’s DKIM signing defaults requiring emails from authenticated users to be sent from the exact username@domain combination that is stated in the From header. If you were to enable logging for the dkim_signing module, it would say “user domain mismatch”.

The solution

You should add the following to your dkim_signing.conf:

allow_hdrfrom_mismatch = true;
allow_username_mismatch = true;