[Fix] Use `dkim_signing` for `sign_headers` option

Issue: #5225

diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index b0340738e86884209e4497a6c5f9b0307bcb2fad..1fbe8eff3945c54b9a5f4131946cd2b86e978204 100644 (file)
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -491,8 +491,17 @@ int dkim_module_config(struct rspamd_config *cfg, bool validate)
                dkim_module_ctx->trusted_only = FALSE;
        }
 
+       /*
+        * We should use sign headers from dkim_signing module as it is the module that
+        * is used actually for signing.
+        * See https://github.com/rspamd/rspamd/issues/5225 for details
+        */
        if ((value =
-                        rspamd_config_get_module_opt(cfg, "dkim", "sign_headers")) != NULL) {
+                        rspamd_config_get_module_opt(cfg, "dkim_signing", "sign_headers")) != NULL) {
+               dkim_module_ctx->sign_headers = ucl_object_tostring(value);
+       }
+       else if ((value =
+                                 rspamd_config_get_module_opt(cfg, "dkim", "sign_headers")) != NULL) {
                dkim_module_ctx->sign_headers = ucl_object_tostring(value);
        }