1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify 'local.d/dkim_signing.conf' to add and merge
# parameters defined inside this section
#
# You can modify 'override.d/dkim_signing.conf' to strictly override all
# parameters defined inside this section
#
# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
# for details
# To configure this module, please also check the following document:
# https://rspamd.com/doc/tutorials/scanning_outbound.html and
# https://rspamd.com/doc/modules/dkim_signing.html
# To enable this module define the following attributes:
# path = "/var/lib/rspamd/dkim/$domain.$selector.key";
# OR
# domain { ... }, if you use per-domain conf
# OR
# set `use_redis=true;` and define redis servers
dkim_signing {
# If false, messages with empty envelope from are not signed
allow_envfrom_empty = true;
# If true, envelope/header domain mismatch is ignored
allow_hdrfrom_mismatch = false;
# If true, multiple from headers are allowed (but only first is used)
allow_hdrfrom_multiple = false;
# If true, username does not need to contain matching domain
allow_username_mismatch = false;
# Default path to key, can include '$domain' and '$selector' variables
#path = "/var/lib/rspamd/dkim/$domain.$selector.key";
# Default selector to use
selector = "dkim";
# If false, messages from authenticated users are not selected for signing
sign_authenticated = true;
# If false, messages from local networks are not selected for signing
sign_local = true;
# Symbol to add when message is signed
symbol = "DKIM_SIGNED";
# Whether to fallback to global config
try_fallback = true;
# Domain to use for DKIM signing: can be "header" or "envelope"
use_domain = "header";
# Whether to normalise domains to eSLD
use_esld = true;
# Whether to get keys from Redis
use_redis = false;
# Hash for DKIM keys in Redis
key_prefix = "DKIM_KEYS";
# Domain specific settings
#domain {
# example.com {
# selectors [
# { # Private key path
# path = "/var/lib/rspamd/dkim/example.key";
# # Selector
# selector = "ds";
# },
# { # multiple dkim signature
# path = "/var/lib/rspamd/dkim/eddsa.key";
# selector = "eddsa";
# }
# ]
# }
#}
.include(try=true,priority=5) "${DBDIR}/dynamic/dkim_signing.conf"
.include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dkim_signing.conf"
.include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dkim_signing.conf"
}
|
