From 4e46d44e798d70cb323c04e071732ba59b7df9a6 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 12 Jan 2020 12:21:21 +0100 Subject: [PATCH] [Rspamd] Allow empty envfrom for system mails, add only Dovecot to sign_networks and sign by header when sign_networks fires. ARC remains active for forwards. Result: fully signed and trusted forwards and signed rejects in sieve. --- data/conf/rspamd/local.d/dkim_signing.conf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/data/conf/rspamd/local.d/dkim_signing.conf b/data/conf/rspamd/local.d/dkim_signing.conf index b87f89c8..575e86b5 100644 --- a/data/conf/rspamd/local.d/dkim_signing.conf +++ b/data/conf/rspamd/local.d/dkim_signing.conf @@ -1,7 +1,7 @@ # If false, messages with empty envelope from are not signed -allow_envfrom_empty = false; +allow_envfrom_empty = true; # If true, envelope/header domain mismatch is ignored -allow_hdrfrom_mismatch = false; +allow_hdrfrom_mismatch = true; # If true, multiple from headers are allowed (but only first is used) allow_hdrfrom_multiple = true; # If true, username does not need to contain matching domain @@ -28,3 +28,7 @@ use_redis = true; key_prefix = "DKIM_PRIV_KEYS"; # Selector map selector_prefix = "DKIM_SELECTORS"; +# Sieve is in sign_networks only +# forwards are arc signed, rejects are dkim signed +sign_networks = "/etc/rspamd/custom/dovecot_trusted.map"; +use_domain_sign_networks = "header";