[Config] Reasonable default settings for ARC

Fix: #2703

diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf
index 5a496bc0a18fe58dea296968aa69fa5ebb16cc89..a57cec00de3d9ebcf2bba4f1a9c145aed9b4d519 100644 (file)
--- a/conf/modules.d/arc.conf
+++ b/conf/modules.d/arc.conf
@@ -26,25 +26,27 @@ arc {
   # If false, messages with empty envelope from are not signed
   allow_envfrom_empty = true;
   # If true, envelope/header domain mismatch is ignored
-  allow_hdrfrom_mismatch = false;
+  allow_hdrfrom_mismatch = true;
   # If true, multiple from headers are allowed (but only first is used)
   allow_hdrfrom_multiple = false;
   # If true, username does not need to contain matching domain
   allow_username_mismatch = false;
   # If false, messages from authenticated users are not selected for signing
-  auth_only = true;
+  auth_only = false;
   # Default path to key, can include '$domain' and '$selector' variables
   #path = "${DBDIR}/arc/$domain.$selector.key";
   # Default selector to use
   selector = "arc";
+  # If false, inbound messages are not selected for signing
+  sign_inbound = true;
   # If false, messages from local networks are not selected for signing
-  sign_local = true;
+  sign_local = false;
   # Symbol to add when message is signed
   symbol_sign = "ARC_SIGNED";
   # Whether to fallback to global config
   try_fallback = true;
-  # Domain to use for DKIM signing: can be "header" or "envelope"
-  use_domain = "header";
+  # Domain to use for DKIM signing: can be "header", "envelope" or "recipient"
+  use_domain = "recipient";
   # Whether to normalise domains to eSLD
   use_esld = true;
   # Whether to get keys from Redis