1. Rspamd 設定ファイル(/etc/rspamd/local.d/)
① dkim_signing.conf(DKIM署名)
# DKIM signing settings for outbound mail (rspamd dkim_signing module).
enabled = true;
# Private key used to sign; it should stay readable by the rspamd service account only.
path = "/var/lib/rspamd/dkim/asura.net.dkim.key";
# Selector: verifiers look up the public key at dkim._domainkey.asura.net.
selector = "dkim";
# NOTE(review): the module documents `domain` as a table of per-domain overrides;
# confirm that a plain string here has the intended effect (inspect the configdump output).
domain = "asura.net";
# Sign mail that arrives from the addresses listed in local_addrs (options.inc);
# those senders are not authenticated, so the signing scope is as wide as that list.
sign_local = true;
# Sign mail submitted by authenticated users.
sign_authenticated = true;
# Derive the signing domain from the header From address.
use_domain = "header";
# The two relaxations below allow signing even when the header From domain differs
# from the envelope sender, or when the authenticated user's domain differs from the
# signing domain. Combined with sign_authenticated, any authenticated account can then
# obtain a valid signature for a From address that is not its own, so sender/login
# binding has to be enforced elsewhere (e.g. in the MTA).
# NOTE(review): keep both disabled unless a concrete relay case requires them.
allow_hdrfrom_mismatch = true;
allow_username_mismatch = true;
# Symbol inserted into the scan result when a message was signed.
symbol = "DKIM_SIGNED";
② arc.conf(ARC署名)
# ARC signing settings (rspamd arc module); the options mirror those of dkim_signing.
enabled = true;
# Dedicated ARC private key, kept separate from the DKIM key.
path = "/var/lib/rspamd/dkim/asura.net.arc.key";
# Selector: verifiers look up the public key at arc._domainkey.asura.net.
selector = "arc";
# NOTE(review): the module documents `domain` as a table of per-domain overrides;
# confirm that a plain string here has the intended effect (inspect the configdump output).
domain = "asura.net";
# Seal mail arriving from local_addrs (options.inc) without authentication.
sign_local = true;
# Seal mail submitted by authenticated users.
sign_authenticated = true;
# Derive the signing domain from the header From address.
use_domain = "header";
# Both relaxations allow a seal to be added when the header From domain or the
# authenticated user's domain does not match; an ARC seal asserts this host's
# authentication results to downstream receivers, so a loose policy weakens that assertion.
# NOTE(review): keep both disabled unless a concrete forwarding case requires them.
allow_hdrfrom_mismatch = true;
allow_username_mismatch = true;
# Symbol inserted into the scan result when a message was sealed.
symbol = "ARC_SIGNED";
③ options.inc(信頼ホスト)
# Addresses rspamd treats as local/trusted. With sign_local = true in the signing
# modules, mail from any of these is signed without authentication, so every entry
# widens who can send DKIM-signed mail for the domain.
# - "10.0.0.0/8" covers the whole private /8; NOTE(review): narrow it to the subnets
#   that actually host mail senders.
# - "home.asura.net" is a hostname, not an address; NOTE(review): confirm the installed
#   rspamd version accepts and resolves hostnames here. If it does, the trust decision
#   follows whatever that DNS name resolves to at load time.
local_addrs = [
"127.0.0.1",
"10.0.0.0/8",
"192.168.0.0/24",
"home.asura.net",
];
# NOTE(review): confirm that `enable_monitoring` is a key recognised by the installed
# version and check the effective value in the configdump output.
dns { enable_monitoring = false; }
④ worker-controller.inc(WebUI管理)
# Controller worker (WebUI and management API).
# Only the hash is stored here; keep the real hash out of shared notes and repositories.
password = "$2$..................."; # value generated with rspamadm pw
# Listens on every interface, so reachability must be limited by a host firewall.
# NOTE(review): 11333 is the default port of the normal (scanner) worker and the
# controller's default is 11334 — confirm the two workers do not collide on this port.
# The controller speaks plain HTTP; put TLS in front of it if it is reached over a network.
bind_socket = "0.0.0.0:11333";
# Clients connecting from secure_ip addresses are treated as trusted and are NOT asked
# for the password. As written, every host in 10.0.0.0/8 and 192.168.0.0/24 gets
# unauthenticated access to the controller.
# NOTE(review): consider limiting this to 127.0.0.1 so that LAN clients must authenticate.
secure_ip = ["127.0.0.1", "10.0.0.0/8", "192.168.0.0/24"];
2. Postfix 設定(/etc/postfix/main.cf)
# Pass SMTP mail to the milter listening on localhost:11332
# (presumably the rspamd proxy worker in milter mode; confirm against the rspamd worker config).
smtpd_milters = inet:localhost:11332
# Apply the same milter to mail that does not arrive via smtpd (e.g. the sendmail command).
non_smtpd_milters = $smtpd_milters
# Fail-open: if the milter is unreachable or errors out, Postfix accepts the message as if
# no milter were configured, so mail is delivered unscanned and leaves unsigned.
# "tempfail" is the fail-closed alternative; if "accept" is kept, alert on rspamd downtime
# and on milter errors in the Postfix log.
milter_default_action = accept
3. 実行した重要コマンド一覧
【鍵の準備と権限設定】
# Prepare the key directory and move the existing OpenDKIM / OpenARC private keys into it.
mkdir -p /var/lib/rspamd/dkim/
# Reusing the existing private keys means the published DNS selector records must still match.
cp /etc/opendkim/keys/asura.net/dkim.private /var/lib/rspamd/dkim/asura.net.dkim.key
cp /etc/openarc/keys/arc.private /var/lib/rspamd/dkim/asura.net.arc.key
# Hand the directory and keys to the rspamd service account.
chown -R _rspamd:_rspamd /var/lib/rspamd/dkim/
# 755 lets every local user list and enter the directory; the keys themselves are protected by
# the 600 below. NOTE(review): 750 or 700 would be sufficient for a directory only rspamd reads.
chmod 755 /var/lib/rspamd/dkim/
# Private keys: owner read/write only. Verify the result with ls -l before restarting rspamd.
chmod 600 /var/lib/rspamd/dkim/*.key
【設定確認・反映】
# Validate the configuration and apply it; restart only after configtest reports no errors.
rspamadm configtest # syntax check
rspamadm configdump dkim_signing # confirm the settings are actually loaded
systemctl restart rspamd
# Restart Postfix so the milter settings in main.cf take effect.
systemctl restart postfix
【旧Milterの掃除】
# Retire the old milters. Do this only after rspamd is confirmed to sign outgoing mail:
# with milter_default_action = accept, a signing failure does not stop mail flow, it just
# lets mail leave unsigned.
systemctl stop opendkim openarc opendmarc
systemctl disable opendkim openarc opendmarc
yum remove opendkim openarc opendmarc
# This deletes the original private keys under /etc/opendkim and /etc/openarc. Make sure the
# copies in /var/lib/rspamd/dkim/ are in place and that a protected backup exists first.
# NOTE(review): removing opendmarc means DMARC evaluation now has to come from rspamd; confirm
# that it is active.
rm -rf /etc/opendkim /etc/openarc /etc/opendmarc
【ログの監視】
# Follow the rspamd log and show only lines that mention signing.
tail -f /var/log/rspamd/rspamd.log | grep signing # confirm that signing is taking place