diff --git a/charts/rspamd/v0.1.0/templates/locald-configmap.yaml b/charts/rspamd/v0.1.0/templates/locald-configmap.yaml index d9610a7..bb8546b 100644 --- a/charts/rspamd/v0.1.0/templates/locald-configmap.yaml +++ b/charts/rspamd/v0.1.0/templates/locald-configmap.yaml @@ -55,4 +55,10 @@ data: worker-controller.inc: |- secure_ip = "127.0.0.1"; password = "{{ .Values.rspamd.password }}"; - enable_password = "{{ .Values.rspamd.password }}"; \ No newline at end of file + enable_password = "{{ .Values.rspamd.password }}"; + dkim_signing.conf: |- + dkim_signing { + {{- range $key, $value := .Values.rspamd.dkimSigning }} + {{ $key }} = "{{ $value }}"; + {{- end }} + }; \ No newline at end of file diff --git a/charts/rspamd/v0.1.0/values.yaml b/charts/rspamd/v0.1.0/values.yaml index cca8c5b..7de4134 100644 --- a/charts/rspamd/v0.1.0/values.yaml +++ b/charts/rspamd/v0.1.0/values.yaml @@ -44,6 +44,36 @@ rspamd: - "172.16.0.0/12" - "10.0.0.0/8" - "[::1]/128" + dkimSigning: + # If false, messages with empty envelope from are not signed + allow_envfrom_empty: "true" + # If true, envelope/header domain mismatch is ignored + allow_hdrfrom_mismatch: "false" + # If true, multiple from headers are allowed (but only first is used) + allow_hdrfrom_multiple: "true" + # If true, username does not need to contain matching domain + allow_username_mismatch: "false" + # If false, messages from authenticated users are not selected for signing + auth_only: "true" + # Default path to key, can include 'domain' and 'selector' variables + path: "/var/lib/rspamd/dkim/$domain.$selector.key" + # Default selector to use + selector: "dkim" + # If false, messages from local networks are not selected for signing + sign_local: "true" + # Symbol to add when message is signed + symbol: "DKIM_SIGNED" + # Whether to fallback to global config + try_fallback: "true" + # Domain to use for DKIM signing: can be "header" or "envelope" + use_domain: "header" + # Whether to normalise domains to eSLD + use_esld: "false" + # Whether to get keys from Redis + use_redis: "false" + # Hash for DKIM keys in Redis + key_prefix: "DKIM_KEYS" + workerProxy: milter: "yes" timeout: "120s"