Just so you know, you're not alone on this. I deal with both inbound and
outbound mail, and I still think rspamd is a sledgehammer. I'd much prefer
to use a separate dkim-sign and even dkim-verify filter.

-- Maarten

On Thu, 23 Jul 2020 at 05:00, Sam Vaughan <samjvaug...@gmail.com> wrote:

> Hi all,
> I’ve been very happy with OpenSMTPd on both OpenBSD and FreeBSD for a long
> time now but have recently come unstuck with DKIM signing on FreeBSD.  I
> started out using dkimproxy successfully, then “filter dkim-sign” came
> along and it was even better.  But as of OpenSMTPd 6.6, the
> opensmtpd-extras dkim filter has been deleted and its FreeBSD port has gone
> too.
> Word on the street seemed to be to use rspamd for DKIM signing, but that's
> a hell of a big hammer.  Resigned to my fate, I set up rspamd on FreeBSD
> 12.1 and got it working with a few test messages.  But I then found that
> the system’s automated nightly emails were all coming up "dkim=fail”.  No
> matter what I tried, I couldn’t replicate it manually - sending as root,
> sending to the same gmail group, whatever.  All my test messages would
> still come up “dkim=pass”.
> Before I got to the bottom of that issue, a bigger one showed up.  A
> recent minor pkg upgrade seems to have caused rspamd to regularly crash with
> glib; rspamd_glib_printerr_function: **
> ERROR:/wrkdirs/usr/ports/mail/rspamd/work/rspamd-2.4/src/libstat/tokenizers/tokenizers.c:397:rspamd_tokenize_text:
> assertion failed: (U_SUCCESS (uc_err))
> I’ve had no luck finding a fix for that yet, but I feel like I’m at a
> crossroads.  I understand that with their limited time, the OpenSMTPd
> developers decided to leave as much as possible to rspamd, but what a shame
> DKIM signing is in that category too.  Does anyone really consider DKIM
> signing an optional feature any more?
> I see that everything’s good on OpenBSD thanks to Martijn’s dkim filter,
> but there's no port of it on FreeBSD and my initial efforts to create one
> showed that it’s not a job for a first-time porter.  So I now don’t know
> whether to try looking into milter support for OpenDKIM, or revert back to
> dkimproxy, or maybe even compile and run an old OpenSMTPd version like the
> 6.1 port which works flawlessly on FreeBSD 11.3.
> It seems weird to me that so few OpenSMTPd users seem to have been
> affected by this change.  A lot of you must be on platforms other than
> OpenBSD.  Perhaps I’m unusual in wanting to only do outbound?  Of course
> rspamd is just part of the deal for inbound.  Maybe outbound-only people
> are relaying straight to Mailgun so they don’t need to worry about
> SPF/DKIM/DMARC?  It is tempting.
> Cheers,
> Sam

Reply via email to