[Conf] Add dkim signing docs

diff --git a/conf/modules.d/dkim_signing.conf b/conf/modules.d/dkim_signing.conf
new file mode 100644 (file)
index 0000000..c38b3e1
--- /dev/null
+++ b/conf/modules.d/dkim_signing.conf
@@ -0,0 +1,73 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+
+# To configure this module, please also check the following document:
+# https://rspamd.com/doc/tutorials/scanning_outbound.html and
+# https://rspamd.com/doc/modules/dkim_signing.html
+
+# To enable this module define the following attributes:
+# path = "/var/lib/rspamd/dkim/$domain.$selector.key";
+# OR
+# domain { ... }, if you use per-domain conf
+# OR
+# set `use_redis=true;` and define redis servers
+
+dkim_signing {
+  # If false, messages with empty envelope from are not signed
+  allow_envfrom_empty = true;
+  # If true, envelope/header domain mismatch is ignored
+  allow_hdrfrom_mismatch = false;
+  # If true, multiple from headers are allowed (but only first is used)
+  allow_hdrfrom_multiple = false;
+  # If true, username does not need to contain matching domain
+  allow_username_mismatch = false;
+  # If false, messages from authenticated users are not selected for signing
+  auth_only = true;
+  # Default path to key, can include '$domain' and '$selector' variables
+  #path = "/var/lib/rspamd/dkim/$domain.$selector.key";
+  # Default selector to use
+  selector = "dkim";
+  # If false, messages from local networks are not selected for signing
+  sign_local = true;
+  # Symbol to add when message is signed
+  symbol = "DKIM_SIGNED";
+  # Whether to fallback to global config
+  try_fallback = true;
+  # Domain to use for DKIM signing: can be "header" or "envelope"
+  use_domain = "header";
+  # Whether to normalise domains to eSLD
+  use_esld = true;
+  # Whether to get keys from Redis
+  use_redis = false;
+  # Hash for DKIM keys in Redis
+  hash_key = "DKIM_KEYS";
+
+  # Domain specific settings
+  #domain {
+  #  example.com {
+  #    # Private key path
+  #    path = "/var/lib/rspamd/dkim/example.key";
+  #    # Selector
+  #    selector = "ds";
+  #  }
+  #}
+
+
+
+  .include(try=true,priority=5) "${DBDIR}/dynamic/dkim_signing.conf"
+  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dkim_signing.conf"
+  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dkim_signing.conf"
+}

diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index 345c91fcb1e64fc056dc626ae358461ac5422156..7f3d1ffccc2198c7af58906453bb151f216236b8 100644 (file)
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -158,6 +158,10 @@ end
 
 local opts =  rspamd_config:get_all_opt('dkim_signing')
 if not opts then return end
+if not (opts['use_redis'] or opts['path'] or opts['domain']) then
+  rspamd_logger.infox(rspamd_config, 'mandatory parameters missing, disable dkim signing')
+  return
+end
 for k,v in pairs(opts) do
   if k == 'sign_networks' then
     settings[k] = rspamd_map_add(N, k, 'radix', 'DKIM signing networks')