From ad067ecbaeb0d8085c64a30740e4a6a397016bd3 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Tue, 30 May 2017 15:03:27 +0100 Subject: [PATCH] [Conf] Add sample arc module config --- conf/modules.d/arc.conf | 68 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 conf/modules.d/arc.conf diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf new file mode 100644 index 000000000..b36a50053 --- /dev/null +++ b/conf/modules.d/arc.conf @@ -0,0 +1,68 @@ +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine +# parameters defined on the top level +# +# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add +# parameters defined on the top level +# +# For specific modules or configuration you can also modify +# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults +# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults +# +# See https://rspamd.com/doc/tutorials/writing_rules.html for details + + +# To configure this module, please also check the following document: +# https://rspamd.com/doc/tutorials/scanning_outbound.html and +# https://rspamd.com/doc/modules/arc.html + +# To enable this module define the following attributes: +# path = "/var/lib/rspamd/arc/$domain.$selector.key"; +# OR +# domain { ... }, if you use per-domain conf +# OR +# set `use_redis=true;` and define redis servers + +arc { + # If false, messages with empty envelope from are not signed + allow_envfrom_empty = true; + # If true, envelope/header domain mismatch is ignored + allow_hdrfrom_mismatch = false; + # If true, multiple from headers are allowed (but only first is used) + allow_hdrfrom_multiple = false; + # If true, username does not need to contain matching domain + allow_username_mismatch = false; + # If false, messages from authenticated users are not selected for signing + auth_only = true; + # Default path to key, can include '$domain' and '$selector' variables + #path = "/var/lib/rspamd/arc/$domain.$selector.key"; + # Default selector to use + selector = "arc"; + # If false, messages from local networks are not selected for signing + sign_local = true; + # Symbol to add when message is signed + symbol_sign = "ARC_SIGNED"; + # Whether to fallback to global config + try_fallback = true; + # Domain to use for DKIM signing: can be "header" or "envelope" + use_domain = "header"; + # Whether to normalise domains to eSLD + use_esld = true; + # Whether to get keys from Redis + use_redis = false; + # Hash for ARC keys in Redis + key_prefix = "ARC_KEYS"; + + # Domain specific settings + #domain { + # example.com { + # # Private key path + # path = "/var/lib/rspamd/arc/example.key"; + # # Selector + # selector = "ds"; + # } + #} + + .include(try=true,priority=5) "${DBDIR}/dynamic/arc.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/arc.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/arc.conf" +} -- 2.39.5