Hey,
>> Is it actually possible to sign subdomains with the DKIM signing module?
>
> Yes. use_esld = false; # means that
bar.example.com won't be normalised
> to
example.com for any purpose- ie. selection of signing domain;
> matching header vs envelope from domain & matching auth user domain
>
> The domain used for signing is extracted from MIME From (default) or
> SMTP From according to configuration.
>
> That may be more/less helpful depending on your environment (if you need
> to support a mix of subdomains and eSLDs that might be troublesome).
TBH, I don't know what eSLD stands for. Effective second-level domain?
What does that mean?
> If you have complex requirements you might try DKIM module's
> sign_condition (or if you want to sign all mail with the same domain it
> is simplest):
https://rspamd.com/doc/modules/dkim.html#dkim-signatures
> and/or you could suggest functionality in DKIM signing module which
> would support your use-cases (I thought about adding ability to
> transform signing domain into something else with a map lookup - maybe
> it would help).
I simply wanted to save myself some time and use the same key/selector
for every hostname of a certain domain. That way I don't have to edit
the maps every time a server is added/removed.
/etc/rspamd/maps/dkim_paths.map:
example.com /etc/rspamd/dkim/dkim_selector1.key
*.
example.com /etc/rspamd/dkim/dkim_selector2.key
/etc/rspamd/maps/dkim_selectors.map:
example.com selector1
*.
example.com selector2
PS: I've just now realized that the description of the problem I'm
trying to solve was quite poorly. :(
--
Alex JOST