Improve DKIM signing config

wdes · Jan 20, 2024 · d6e1669 · d6e1669
1 parent 5f3a15d
commit d6e1669
Showing 1 changed file with 25 additions and 1 deletion.
diff --git a/rspamd/local.d/dkim_signing.conf b/rspamd/local.d/dkim_signing.conf
@@ -1,2 +1,26 @@
-path = "/etc/opendkim/keys/$domain/$selector.private";
+# documentation: https://rspamd.com/doc/modules/dkim_signing.html
+enabled = true;
+
+# If false, messages from authenticated users are not selected for signing
+sign_authenticated = true;
+
+# Domain to use for DKIM signing when sender is a local IP ("header"/"envelope"/"auth")
+sign_local = true;
+
+# Domain to use for DKIM signing: can be "header" (MIME From), "envelope" (SMTP From), "recipient" (SMTP To), "auth" (SMTP username) or directly specified domain name
+use_domain = "header";
+
+# Whether to get keys from Redis
+use_redis = false; # don't change unless Redis also provides the DKIM keys
+
+# Whether to normalise domains to eSLD
+use_esld = true;
+
+# If `true` get pubkey from DNS record and check if it matches private key
+check_pubkey = true; # you want to use this in the beginning
+
 selector = "mail";
+# The path location is searched for a DKIM key with these variables:
+# - `$domain` is sourced from the MIME mail message `From` header
+# - `$selector` is configured for `mail` (as a default fallback)
+path = "/etc/opendkim/keys/$domain/$selector.private";