From d6e1669413228ac5fac23df3371dbcedf69cfdf9 Mon Sep 17 00:00:00 2001
From: William Desportes <williamdes@wdes.fr>
Date: Sat, 20 Jan 2024 14:30:25 +0100
Subject: [PATCH] Improve DKIM signing config

---
 rspamd/local.d/dkim_signing.conf | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/rspamd/local.d/dkim_signing.conf b/rspamd/local.d/dkim_signing.conf
index 4c86636..8de8fd8 100644
--- a/rspamd/local.d/dkim_signing.conf
+++ b/rspamd/local.d/dkim_signing.conf
@@ -1,2 +1,26 @@
-path = "/etc/opendkim/keys/$domain/$selector.private";
+# documentation: https://rspamd.com/doc/modules/dkim_signing.html
+enabled = true;
+
+# If false, messages from authenticated users are not selected for signing
+sign_authenticated = true;
+
+# Domain to use for DKIM signing when sender is a local IP ("header"/"envelope"/"auth")
+sign_local = true;
+
+# Domain to use for DKIM signing: can be "header" (MIME From), "envelope" (SMTP From), "recipient" (SMTP To), "auth" (SMTP username) or directly specified domain name
+use_domain = "header";
+
+# Whether to get keys from Redis
+use_redis = false; # don't change unless Redis also provides the DKIM keys
+
+# Whether to normalise domains to eSLD
+use_esld = true;
+
+# If `true` get pubkey from DNS record and check if it matches private key
+check_pubkey = true; # you want to use this in the beginning
+
 selector = "mail";
+# The path location is searched for a DKIM key with these variables:
+# - `$domain` is sourced from the MIME mail message `From` header
+# - `$selector` is configured for `mail` (as a default fallback)
+path = "/etc/opendkim/keys/$domain/$selector.private";