From 8fe2173040a33cfb2d062a74b26621db852c0f2d Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 7 Mar 2024 14:56:21 +0100
Subject: [PATCH] rspamd: fix rspamd signing for mailman

Mails to the big mailing lists currently fail dkim checking since we add
a footer and rewrite the subject. To not trigger DMARC fails, we sign all
outgoing mails from local networks with our domain.
---
 modules/mail/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/mail/default.nix b/modules/mail/default.nix
index 4e5e124..60d59d8 100644
--- a/modules/mail/default.nix
+++ b/modules/mail/default.nix
@@ -315,6 +315,8 @@ in
         "dkim_signing.conf".text = ''
           selector = "quitte2024";
           allow_username_mismatch = true;
+          allow_hdrfrom_mismatch = true;
+          use_domain_sign_local = "ifsr.de";
           path = /var/lib/rspamd/dkim/$domain.$selector.key;
 
         '';