mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/dkim_signing.conf - kubeia - Gitiles

 # If false, messages with empty envelope from are not signed
 allow_envfrom_empty = true;
 # If true, envelope/header domain mismatch is ignored
 allow_hdrfrom_mismatch = true;
 # If true, multiple from headers are allowed (but only first is used)
 allow_hdrfrom_multiple = true;
 # If true, username does not need to contain matching domain
 allow_username_mismatch = true;
 # If false, messages from authenticated users are not selected for signing
 sign_authenticated = true;
 # Default path to key, can include '$domain' and '$selector' variables
 path = "/data/dkim/keys/$domain.dkim";
 # Default selector to use
 selector = "dkim";
 # If false, messages from local networks are not selected for signing
 sign_local = true;
 # Symbol to add when message is signed
 symbol = "DKIM_SIGNED";
 # Whether to fallback to global config
 try_fallback = true;
 # Domain to use for DKIM signing: can be "header" or "envelope"
 use_domain = "envelope";
 # Whether to normalise domains to eSLD
 use_esld = false;
 # Whether to get keys from Redis
 use_redis = true;
 # Hash for DKIM keys in Redis
 key_prefix = "DKIM_PRIV_KEYS";
 # Selector map
 selector_prefix = "DKIM_SELECTORS";
 # Sieve is in sign_networks only
 # forwards are arc signed, rejects are dkim signed
 sign_networks = "/etc/rspamd/custom/dovecot_trusted.map";
 use_domain_sign_networks = "header";
 sign_headers = "from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:content-language:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-help:list-owner:list-unsubscribe:list-subscribe:list-post:list-unsubscribe-post:disposition-notification-to:disposition-notification-options:original-recipient:openpgp:autocrypt";
	# If false, messages with empty envelope from are not signed
	allow_envfrom_empty = true;
	# If true, envelope/header domain mismatch is ignored
	allow_hdrfrom_mismatch = true;
	# If true, multiple from headers are allowed (but only first is used)
	allow_hdrfrom_multiple = true;
	# If true, username does not need to contain matching domain
	allow_username_mismatch = true;
	# If false, messages from authenticated users are not selected for signing
	sign_authenticated = true;
	# Default path to key, can include '$domain' and '$selector' variables
	path = "/data/dkim/keys/$domain.dkim";
	# Default selector to use
	selector = "dkim";
	# If false, messages from local networks are not selected for signing
	sign_local = true;
	# Symbol to add when message is signed
	symbol = "DKIM_SIGNED";
	# Whether to fallback to global config
	try_fallback = true;
	# Domain to use for DKIM signing: can be "header" or "envelope"
	use_domain = "envelope";
	# Whether to normalise domains to eSLD
	use_esld = false;
	# Whether to get keys from Redis
	use_redis = true;
	# Hash for DKIM keys in Redis
	key_prefix = "DKIM_PRIV_KEYS";
	# Selector map
	selector_prefix = "DKIM_SELECTORS";
	# Sieve is in sign_networks only
	# forwards are arc signed, rejects are dkim signed
	sign_networks = "/etc/rspamd/custom/dovecot_trusted.map";
	use_domain_sign_networks = "header";
	sign_headers = "from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:content-language:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-help:list-owner:list-unsubscribe:list-subscribe:list-post:list-unsubscribe-post:disposition-notification-to:disposition-notification-options:original-recipient:openpgp:autocrypt";