Move DKIM signing to new dkim_signing.conf

2017-03-19 21:55:03 +01:00 · 2017-03-19 21:55:03 +01:00 · 7e6fc8568f
parent 2fcbce4f2e
commit 7e6fc8568f
2 changed files with 38 additions and 34 deletions
--- a/data/conf/rspamd/local.d/dkim.conf
+++ b/data/conf/rspamd/local.d/dkim.conf
@ -1,34 +0,0 @@
-sign_condition =<<EOD
-return function(task)
-  local smtp_from = task:get_from('smtp')
-  local mime_from = task:get_from('mime')
-  local rspamd_logger = require "rspamd_logger"
-  if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
-    domain = smtp_from[1]['domain']
-    rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
-    if not task:get_user() then
-      rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
-      return false
-    end
-  elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
-    domain = mime_from[1]['domain']
-    rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
-  else
-    rspamd_logger.infox(task, "cannot determine domain for dkim signing")
-    return false
-  end
-  local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
-  if keyfile then
-    rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
-    keyfile:close()
-    return {
-      key = "/data/dkim/keys/" .. domain .. ".dkim",
-      domain = domain,
-      selector = "dkim"
-    }
-  else
-    rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
-  end
-  return false
-end
-EOD;
--- a/data/conf/rspamd/local.d/dkim_signing.conf
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
@ -0,0 +1,38 @@
+# If false, messages with empty envelope from are not signed
+allow_envfrom_empty = true;
+# If true, envelope/header domain mismatch is ignored
+allow_hdrfrom_mismatch = false;
+# If true, multiple from headers are allowed (but only first is used)
+allow_hdrfrom_multiple = false;
+# If true, username does not need to contain matching domain
+allow_username_mismatch = false;
+# If false, messages from authenticated users are not selected for signing
+auth_only = true;
+# Default path to key, can include '$domain' and '$selector' variables
+path = "/data/dkim/keys/$domain.$selector";
+# Default selector to use
+selector = "dkim";
+# If false, messages from local networks are not selected for signing
+sign_local = true;
+# Symbol to add when message is signed
+symbol = "DKIM_SIGNED";
+# Whether to fallback to global config
+try_fallback = true;
+# Domain to use for DKIM signing: can be "header" or "envelope"
+use_domain = "header";
+# Whether to normalise domains to eSLD
+use_esld = true;
+# Whether to get keys from Redis
+use_redis = false;
+# Hash for DKIM keys in Redis
+hash_key = "DKIM_KEYS";
+
+# Domain specific settings
+#domain {
+#  example.com {
+#    # Private key path
+#    path = "/var/lib/rspamd/dkim/example.key";
+#    # Selector
+#    selector = "ds";
+#  }
+#}