Fall back to dkim.conf

2017-03-26 11:08:07 +02:00 · 2017-03-26 11:08:07 +02:00 · 60fa9ab9dd
parent d5c8f0160c
commit 60fa9ab9dd
2 changed files with 34 additions and 38 deletions
--- a/data/conf/rspamd/local.d/dkim.conf
+++ b/data/conf/rspamd/local.d/dkim.conf
@ -0,0 +1,34 @@
+sign_condition =<<EOD
+return function(task)
+  local smtp_from = task:get_from('smtp')
+  local mime_from = task:get_from('mime')
+  local rspamd_logger = require "rspamd_logger"
+  if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
+    domain = smtp_from[1]['domain']
+    rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
+    if not task:get_user() then
+      rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
+      return false
+    end
+  elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
+    domain = mime_from[1]['domain']
+    rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
+  else
+    rspamd_logger.infox(task, "cannot determine domain for dkim signing")
+    return false
+  end
+  local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
+  if keyfile then
+    rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
+    keyfile:close()
+    return {
+      key = "/data/dkim/keys/" .. domain .. ".dkim",
+      domain = domain,
+      selector = "dkim"
+    }
+  else
+    rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
+  end
+  return false
+end
+EOD;
--- a/data/conf/rspamd/local.d/dkim_signing.conf
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
@ -1,38 +0,0 @@
-# If false, messages with empty envelope from are not signed
-allow_envfrom_empty = true;
-# If true, envelope/header domain mismatch is ignored
-allow_hdrfrom_mismatch = false;
-# If true, multiple from headers are allowed (but only first is used)
-allow_hdrfrom_multiple = false;
-# If true, username does not need to contain matching domain
-allow_username_mismatch = false;
-# If false, messages from authenticated users are not selected for signing
-auth_only = true;
-# Default path to key, can include '$domain' and '$selector' variables
-path = "/data/dkim/keys/$domain.$selector";
-# Default selector to use
-selector = "dkim";
-# If false, messages from local networks are not selected for signing
-sign_local = true;
-# Symbol to add when message is signed
-symbol = "DKIM_SIGNED";
-# Whether to fallback to global config
-try_fallback = true;
-# Domain to use for DKIM signing: can be "header" or "envelope"
-use_domain = "header";
-# Whether to normalise domains to eSLD
-use_esld = true;
-# Whether to get keys from Redis
-use_redis = false;
-# Hash for DKIM keys in Redis
-hash_key = "DKIM_KEYS";
-
-# Domain specific settings
-#domain {
-#  example.com {
-#    # Private key path
-#    path = "/var/lib/rspamd/dkim/example.key";
-#    # Selector
-#    selector = "ds";
-#  }
-#}