Just so you know, you're not alone on this. I deal with both inbound and outbound mail, and I still think rspamd is a sledgehammer. I'd much prefer to use a separate dkim-sign and even dkim-verify filter.
-- Maarten On Thu, 23 Jul 2020 at 05:00, Sam Vaughan <samjvaug...@gmail.com> wrote: > Hi all, > > I’ve been very happy with OpenSMTPd on both OpenBSD and FreeBSD for a long > time now but have recently come unstuck with DKIM signing on FreeBSD. I > started out using dkimproxy successfully, then “filter dkim-sign” came > along and it was even better. But as of OpenSMTPd 6.6, the > opensmtpd-extras dkim filter has been deleted and its FreeBSD port has gone > too. > > Word on the street seemed to be to use rspamd for DKIM signing, but that's > a hell of a big hammer. Resigned to my fate, I set up rspamd on FreeBSD > 12.1 and got it working with a few test messages. But I then found that > the system’s automated nightly emails were all coming up "dkim=fail”. No > matter what I tried, I couldn’t replicate it manually - sending as root, > sending to the same gmail group, whatever. All my test messages would > still come up “dkim=pass”. > > Before I got to the bottom of that issue, a bigger one showed up. A > recent minor pkg upgrade seems to have caused rspamd to regularly crash with > > glib; rspamd_glib_printerr_function: ** > ERROR:/wrkdirs/usr/ports/mail/rspamd/work/rspamd-2.4/src/libstat/tokenizers/tokenizers.c:397:rspamd_tokenize_text: > assertion failed: (U_SUCCESS (uc_err)) > > I’ve had no luck finding a fix for that yet, but I feel like I’m at a > crossroads. I understand that with their limited time, the OpenSMTPd > developers decided to leave as much as possible to rspamd, but what a shame > DKIM signing is in that category too. Does anyone really consider DKIM > signing an optional feature any more? > > I see that everything’s good on OpenBSD thanks to Martijn’s dkim filter, > but there's no port of it on FreeBSD and my initial efforts to create one > showed that it’s not a job for a first-time porter. So I now don’t know > whether to try looking into milter support for OpenDKIM, or revert back to > dkimproxy, or maybe even compile and run an old OpenSMTPd version like the > 6.1 port which works flawlessly on FreeBSD 11.3. > > It seems weird to me that so few OpenSMTPd users seem to have been > affected by this change. A lot of you must be on platforms other than > OpenBSD. Perhaps I’m unusual in wanting to only do outbound? Of course > rspamd is just part of the deal for inbound. Maybe outbound-only people > are relaying straight to Mailgun so they don’t need to worry about > SPF/DKIM/DMARC? It is tempting. > > Cheers, > > Sam >