On Wed, 8 Mar 2023, Phil Stracchino via Postfix-users wrote:
On 3/7/23 15:36, Bernardo Reino via Postfix-users wrote:
On Tue, 7 Mar 2023, John Stoffel via Postfix-users wrote:
So what's the option for a more upto date version of DKIM milter for
debian?
rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't segfault
(so
far ;-)
I'm STILL trying to figure out rspamd's documentation enough to understand
how to enable and configure all of those, so that I can have one milter
instead of four.
Here some quick notes from my configuration (related to SPF/DKIM/DMARC checking,
i.e. when receiving e-mails):
SPF and DKIM are enabled by default, and at least I didn't need to have any
local config (which would go in local.d/{spf,dkim}.conf)
(DKIM signing is another matter, requiring configuration, but this is another
topic)
DMARC is also enabled by default, and I have the following in
local.d/dmarc.conf, to "add_header" instead of "reject" even when DMARC would
say otherwise. I also have enabled DMARC reporting, including a list of domains
to which no report should be sent (e.g. because they reject e-mails to the very
address they publish for this purpose..)
***
actions = {
quarantine = "add_header";
# reject = "reject";
reject = "add_header";
}
reporting {
enabled = true;
org_name = "BBMK";
domain = "bbmk.org";
email = "rep...@dmarc.bbmk.org";
from_name = "Rspamd"
max_entries = 1000; # per domain
keys_expire = 7d; # expire date for redis
# bcc_addrs = [ "postmas...@bbmk.org" ];
}
no_reporting_domains = "/etc/rspamd/local.d/dmarc_no_reporting_domains.txt";
***
(obviously, org_name, domain, email and from_name should be adapted
accordingly..)
I don't know if this is part of the default, but over time I've ended up having
the following in local.d/milter_headers.conf (replace "BBMK" with whatever
(host)name you want to appear in the X-Rspamd-Server header, or enable "remove =
true" to avoid this header)
***
extended_spam_headers = true;
authenticated_headers = ["authentication-results"];
local_headers = ["authentication-results"];
use = ["authentication-results"];
remove_upstream_spam_flag = true;
skip_local = false;
skip_authenticated = false;
routines {
x-rspamd-server {
header = "X-Rspamd-Server";
# remove = true;
hostname = "BBMK";
}
}
***
That's it for now. The documentation may be confusing (and some things changed
in the past, but I think nowadays the documentation and actual configuration are
rather stable).
There's of course the rspamd-users mailing list, which might be of assistance.
Good luck!
Bernardo
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
