From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Mon, 2 Dec 2024 14:24:58 +0000 (+0000)
Subject: [Fix] Use `dkim_signing` for `sign_headers` option
X-Git-Tag: 3.11.0~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4264e6b472a3f6ad83b6e107ad69ca025c10a1b;p=thirdparty%2Frspamd.git

[Fix] Use `dkim_signing` for `sign_headers` option

Issue: #5225
---

diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index b0340738e8..1fbe8eff39 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -491,8 +491,17 @@ int dkim_module_config(struct rspamd_config *cfg, bool validate)
 		dkim_module_ctx->trusted_only = FALSE;
 	}
 
+	/*
+	 * We should use sign headers from dkim_signing module as it is the module that
+	 * is used actually for signing.
+	 * See https://github.com/rspamd/rspamd/issues/5225 for details
+	 */
 	if ((value =
-			 rspamd_config_get_module_opt(cfg, "dkim", "sign_headers")) != NULL) {
+			 rspamd_config_get_module_opt(cfg, "dkim_signing", "sign_headers")) != NULL) {
+		dkim_module_ctx->sign_headers = ucl_object_tostring(value);
+	}
+	else if ((value =
+				  rspamd_config_get_module_opt(cfg, "dkim", "sign_headers")) != NULL) {
 		dkim_module_ctx->sign_headers = ucl_object_tostring(value);
 	}