Explorar o código

[Rspamd] Allow empty envfrom for system mails, add only Dovecot to sign_networks and sign by header when sign_networks fires.
ARC remains active for forwards. Result: fully signed and trusted forwards and signed rejects in sieve.

andryyy %!s(int64=5) %!d(string=hai) anos
pai
achega
4e46d44e79
Modificáronse 1 ficheiros con 6 adicións e 2 borrados
  1. 6 2
      data/conf/rspamd/local.d/dkim_signing.conf

+ 6 - 2
data/conf/rspamd/local.d/dkim_signing.conf

@@ -1,7 +1,7 @@
 # If false, messages with empty envelope from are not signed
-allow_envfrom_empty = false;
+allow_envfrom_empty = true;
 # If true, envelope/header domain mismatch is ignored
-allow_hdrfrom_mismatch = false;
+allow_hdrfrom_mismatch = true;
 # If true, multiple from headers are allowed (but only first is used)
 allow_hdrfrom_multiple = true;
 # If true, username does not need to contain matching domain
@@ -28,3 +28,7 @@ use_redis = true;
 key_prefix = "DKIM_PRIV_KEYS";
 # Selector map
 selector_prefix = "DKIM_SELECTORS";
+# Sieve is in sign_networks only
+# forwards are arc signed, rejects are dkim signed
+sign_networks = "/etc/rspamd/custom/dovecot_trusted.map";
+use_domain_sign_networks = "header";