From: Vsevolod Stakhov
Date: Mon, 6 Mar 2017 14:04:05 +0000 (+0000)
Subject: [Conf] Add dkim signing docs
X-Git-Tag: 1.5.2~19
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7b94f845f7732c3c8b5a70d8b29a482a91a68f32;p=rspamd.git
[Conf] Add dkim signing docs
---
diff --git a/conf/modules.d/dkim_signing.conf b/conf/modules.d/dkim_signing.conf
new file mode 100644
index 000000000..c38b3e16c
--- /dev/null
+++ b/conf/modules.d/dkim_signing.conf
@@ -0,0 +1,73 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+
+# To configure this module, please also check the following document:
+# https://rspamd.com/doc/tutorials/scanning_outbound.html and
+# https://rspamd.com/doc/modules/dkim_signing.html
+
+# To enable this module define the following attributes:
+# path = "/var/lib/rspamd/dkim/$domain.$selector.key";
+# OR
+# domain { ... }, if you use per-domain conf
+# OR
+# set `use_redis=true;` and define redis servers
+
+dkim_signing {
+ # If false, messages with empty envelope from are not signed
+ allow_envfrom_empty = true;
+ # If true, envelope/header domain mismatch is ignored
+ allow_hdrfrom_mismatch = false;
+ # If true, multiple from headers are allowed (but only first is used)
+ allow_hdrfrom_multiple = false;
+ # If true, username does not need to contain matching domain
+ allow_username_mismatch = false;
+ # If false, messages from authenticated users are not selected for signing
+ auth_only = true;
+ # Default path to key, can include '$domain' and '$selector' variables
+ #path = "/var/lib/rspamd/dkim/$domain.$selector.key";
+ # Default selector to use
+ selector = "dkim";
+ # If false, messages from local networks are not selected for signing
+ sign_local = true;
+ # Symbol to add when message is signed
+ symbol = "DKIM_SIGNED";
+ # Whether to fallback to global config
+ try_fallback = true;
+ # Domain to use for DKIM signing: can be "header" or "envelope"
+ use_domain = "header";
+ # Whether to normalise domains to eSLD
+ use_esld = true;
+ # Whether to get keys from Redis
+ use_redis = false;
+ # Hash for DKIM keys in Redis
+ hash_key = "DKIM_KEYS";
+
+ # Domain specific settings
+ #domain {
+ # example.com {
+ # # Private key path
+ # path = "/var/lib/rspamd/dkim/example.key";
+ # # Selector
+ # selector = "ds";
+ # }
+ #}
+
+
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/dkim_signing.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dkim_signing.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dkim_signing.conf"
+}
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index 345c91fcb..7f3d1ffcc 100644
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -158,6 +158,10 @@ end local opts = rspamd_config:get_all_opt('dkim_signing') if not opts then return end +if not (opts['use_redis'] or opts['path'] or opts['domain']) then + rspamd_logger.infox(rspamd_config, 'mandatory parameters missing, disable dkim signing') + return +end for k,v in pairs(opts) do if k == 'sign_networks' then settings[k] = rspamd_map_add(N, k, 'radix', 'DKIM signing networks')
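Review bot: In conf/modules.d/dkim_signing.conf the comments on `auth_only` and `sign_local` do not let a reader work out which senders are signed with the shipped defaults. `auth_only = true` is described only by what happens when it is false, and its name suggests a restriction to authenticated senders, while `sign_local = true` appears to admit unauthenticated mail from local networks as well. Since these two options decide who receives the domain's signature, I would state the combined effect, e.g. `# If true, unauthenticated mail is signed only when sign_local or sign_networks matches` (wording to be confirmed against dkim_signing.lua). The `path` comment could also say that the file holds the private signing key and should be readable only by the account rspamd runs as.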
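Review bot: The new guard in src/plugins/lua/dkim_signing.lua, placed before the `for k,v in pairs(opts)` loop, tests only that one of the three options is present. An empty `domain { }` block or `path = "";` is truthy in Lua, so the module would still register without any usable key. If the intent is to skip registration whenever signing cannot work, test for content as well, e.g. `local has_domain = type(opts['domain']) == 'table' and next(opts['domain']) ~= nil`, with a similar non-empty-string test for `path`. The log line would be easier to act on if it named the options, e.g. `'dkim signing disabled: none of use_redis, path or domain is set'`. The surrounding top-level setup code continues outside the hunk.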