How to solve Rspamd not signing some emails with DKIM key
The issue, in detail
Say you have a mail server reachable at mail.example.net, with more than one domain assigned to it (example.net and example.org). You have created aliases for your main email account (alice@example.net), so you can also send as:
- alice@example.org
- admin@example.net
- admin@example.org
You’ve set up DKIM signing using rspamd. Your dkim_signing.conf looks like this:
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector_map = "/etc/rspamd/dkim_selectors.map";
You’ve set up domainkey TXT records for both domains, and the selectors are set up.
Yet when you send an email as alice@example.org while logged in as your user account alice@example.net, the message goes out without a DKIM signature.
The cause
The issue stems from rspamd’s DKIM signing defaults requiring emails from authenticated users to be sent from the exact username@domain combination that is stated in the From header. If you were to enable logging for the dkim_signing module, it would say “user domain mismatch”.
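The solution
allow_hdrfrom_mismatch lets rspamd sign when the From header domain differs from the envelope sender domain, and allow_username_mismatch lets it sign when the authenticated username's domain differs from the signing domain. With both enabled, rspamd no longer ties signing to the login, so which From addresses an account may use has to be enforced elsewhere, for example in the MTA. Add the following to your dkim_signing.conf: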
allow_hdrfrom_mismatch = true;
allow_username_mismatch = true;
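
To confirm the change took effect, send a message as the alias and inspect the delivered message source. The script below is an added example, not part of the original post: it reports whether a raw message carries a DKIM-Signature whose d= domain equals the From header domain. The sample messages, the selector name `sel1` and the bh=/b= values are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; "sel1" and the bh=/b= values are placeholders.
UNSIGNED = (
    "From: Alice <alice@example.org>\n"
    "To: bob@example.com\n"
    "Subject: alias test\n"
    "\n"
    "hello\n"
)
SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\n"
    "\ts=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
) + UNSIGNED
WRONG_DOMAIN = SIGNED.replace("d=example.org", "d=example.net")


def dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Header folding leaves whitespace inside values; drop it.
            tags[name.strip()] = "".join(value.split())
    return tags


def signing_status(raw_message):
    """Return (from_domain, [(d, s), ...], aligned) for one raw message.

    Only presence and domain of the signature are checked here; the
    signature itself is not cryptographically verified.
    """
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sigs = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(value)
        sigs.append((tags.get("d", "").lower(), tags.get("s", "")))
    aligned = bool(from_domain) and any(d == from_domain for d, _ in sigs)
    return from_domain, sigs, aligned


if __name__ == "__main__":
    for label, raw in [("unsigned", UNSIGNED), ("signed", SIGNED),
                       ("wrong domain", WRONG_DOMAIN)]:
        print(label, signing_status(raw))
```

A message sent as alice@example.org should report `aligned` as true with d=example.org; an empty signature list means rspamd still skipped signing.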