| # If false, messages with empty envelope from are not signed |
| allow_envfrom_empty = true; |
| # If true, envelope/header domain mismatch is ignored |
| allow_hdrfrom_mismatch = true; |
| # If true, multiple from headers are allowed (but only first is used) |
| allow_hdrfrom_multiple = true; |
| # If true, username does not need to contain matching domain |
| allow_username_mismatch = true; |
| # If false, messages from authenticated users are not selected for signing |
| sign_authenticated = true; |
| # Default path to key, can include '$domain' and '$selector' variables |
| path = "/data/dkim/keys/$domain.dkim"; |
| # Default selector to use |
| selector = "dkim"; |
| # If false, messages from local networks are not selected for signing |
| sign_local = true; |
| # Symbol to add when message is signed |
| symbol = "DKIM_SIGNED"; |
| # Whether to fallback to global config |
| try_fallback = true; |
| # Domain to use for DKIM signing: can be "header" or "envelope" |
| use_domain = "envelope"; |
| # Whether to normalise domains to eSLD |
| use_esld = false; |
| # Whether to get keys from Redis |
| use_redis = true; |
| # Hash for DKIM keys in Redis |
| key_prefix = "DKIM_PRIV_KEYS"; |
| # Selector map |
| selector_prefix = "DKIM_SELECTORS"; |
| # Sieve is in sign_networks only |
| # forwards are arc signed, rejects are dkim signed |
| sign_networks = "/etc/rspamd/custom/dovecot_trusted.map"; |
| use_domain_sign_networks = "header"; |
| sign_headers = "from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:content-language:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-help:list-owner:list-unsubscribe:list-subscribe:list-post:list-unsubscribe-post:disposition-notification-to:disposition-notification-options:original-recipient:openpgp:autocrypt"; |