From 8985cd60cc5e92d9d5918f5829c4308be140cc30 Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Mon, 23 Feb 2026 21:01:29 +0000
Subject: [PATCH] [ci skip] mailserver: fix Rspamd DKIM signing key path

Mount DKIM private key at Rspamd-expected path (/tmp/docker-mailserver/rspamd/dkim/viktorbarzin.me/mail.private) and add dkim_signing.conf override for domain/selector config. Rspamd does not auto-detect keys from the OpenDKIM path.
---
 stacks/platform/modules/mailserver/main.tf | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/stacks/platform/modules/mailserver/main.tf b/stacks/platform/modules/mailserver/main.tf
index 8fd68bd6..4fa39309 100644
--- a/stacks/platform/modules/mailserver/main.tf
+++ b/stacks/platform/modules/mailserver/main.tf
@@ -89,6 +89,23 @@ resource "kubernetes_config_map" "mailserver_config" {
 SigningTable = "*@viktorbarzin.me mail._domainkey.viktorbarzin.me\n"
 TrustedHosts = "127.0.0.1\nlocalhost\n"
 "sasl_passwd" = var.sasl_passwd
+ # Rspamd DKIM signing configuration
+ "dkim_signing.conf" = <<-EOF
+ enabled = true;
+ sign_authenticated = true;
+ sign_local = true;
+ use_domain = "header";
+ use_redis = false;
+ use_esld = true;
+ selector = "mail";
+ path = "/tmp/docker-mailserver/rspamd/dkim/viktorbarzin.me/mail.private";
+ domain {
+ viktorbarzin.me {
+ path = "/tmp/docker-mailserver/rspamd/dkim/viktorbarzin.me/mail.private";
+ selector = "mail";
+ }
+ }
+ EOF
 fail2ban_conf = <<-EOF
 [DEFAULT]
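Review bot: The top-level `path` and `selector` in the new `dkim_signing.conf` repeat the `domain { viktorbarzin.me { ... } }` entry. Because that path is a fixed file rather than a per-domain pattern, they appear to make this key the fallback for any From-header domain without its own entry. If only viktorbarzin.me should be signed, drop the two top-level lines and keep the domain block, or add `try_fallback = false;`. `sign_local = true;` also signs unauthenticated mail from addresses Rspamd treats as local, which in a cluster usually includes the pod network, so confirm that only trusted pods can relay through this server or set it to `false`. The ConfigMap resource this heredoc belongs to starts and ends outside the hunk.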
@@ -264,6 +281,18 @@ resource "kubernetes_deployment" "mailserver" {
 mount_path = "/tmp/docker-mailserver/opendkim/keys"
 read_only = true
 }
+ volume_mount {
+ name = "opendkim-key"
+ mount_path = "/tmp/docker-mailserver/rspamd/dkim/viktorbarzin.me/mail.private"
+ sub_path = "viktorbarzin.me-mail.key"
+ read_only = true
+ }
+ volume_mount {
+ name = "config"
+ mount_path = "/tmp/docker-mailserver/rspamd/override.d/dkim_signing.conf"
+ sub_path = "dkim_signing.conf"
+ read_only = true
+ }
 volume_mount {
 name = "data"
 mount_path = "/var/mail"
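Review bot: Both new mounts use `sub_path`, and Kubernetes does not refresh subPath mounts when the backing Secret or ConfigMap changes, so a rotated DKIM key or an edited `dkim_signing.conf` only takes effect after the pod restarts. A comment above the first mount would record this, for example `# sub_path mounts are not refreshed on update: restart the pod after rotating the DKIM key`. The `opendkim-key` volume is declared outside the hunk, so it is not visible whether it is backed by a Secret or what file mode it sets. The key needs to be readable by the user Rspamd runs as and by nothing broader, which is worth checking since the same key is now exposed at a second path in the container.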