Merge pull request #3019 from klausenbusk/arc-defaults

[Config] Reasonable default settings for ARC

1 files changed, 7 insertions, 5 deletions

diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf
index b69ee7303..48b5e59e9 100644
--- a/conf/modules.d/arc.conf
+++ b/conf/modules.d/arc.conf
@@ -28,25 +28,27 @@ arc {
   # If false, messages with empty envelope from are not signed
   allow_envfrom_empty = true;
   # If true, envelope/header domain mismatch is ignored
-  allow_hdrfrom_mismatch = false;
+  allow_hdrfrom_mismatch = true;
   # If true, multiple from headers are allowed (but only first is used)
   allow_hdrfrom_multiple = false;
   # If true, username does not need to contain matching domain
   allow_username_mismatch = false;
   # If false, messages from authenticated users are not selected for signing
-  auth_only = true;
+  auth_only = false;
   # Default path to key, can include '$domain' and '$selector' variables
   #path = "${DBDIR}/arc/$domain.$selector.key";
   # Default selector to use
   selector = "arc";
+  # If false, inbound messages are not selected for signing
+  sign_inbound = true;
   # If false, messages from local networks are not selected for signing
-  sign_local = true;
+  sign_local = false;
   # Symbol to add when message is signed
   symbol_sign = "ARC_SIGNED";
   # Whether to fallback to global config
   try_fallback = true;
-  # Domain to use for ARC signing: can be "header" or "envelope"
-  use_domain = "header";
+  # Domain to use for DKIM signing: can be "header", "envelope" or "recipient"
+  use_domain = "recipient";
   # Whether to normalise domains to eSLD
   use_esld = true;
   # Whether to get keys from Redis