Added config file for dkim signing

2 years ago · 388cba9457
2 changed files with 37 additions and 1 deletions
--- a/charts/rspamd/v0.1.0/templates/locald-configmap.yaml
+++ b/charts/rspamd/v0.1.0/templates/locald-configmap.yaml
@ -56,3 +56,9 @@ data:
    secure_ip = "127.0.0.1";
    password = "{{ .Values.rspamd.password }}";
    enable_password = "{{ .Values.rspamd.password }}";
+  dkim_signing.conf: |-
+    dkim_signing {
+      {{- range $key, $value := .Values.rspamd.dkimSigning }}
+      {{ $key }} = "{{ $value }}";
+      {{- end }}
+    };
--- a/charts/rspamd/v0.1.0/values.yaml
+++ b/charts/rspamd/v0.1.0/values.yaml
@ -44,6 +44,36 @@ rspamd:
        - "172.16.0.0/12"
        - "10.0.0.0/8"
        - "[::1]/128"
+  dkimSigning:
+    # If false, messages with empty envelope from are not signed
+    allow_envfrom_empty: "true"
+    # If true, envelope/header domain mismatch is ignored
+    allow_hdrfrom_mismatch: "false"
+    # If true, multiple from headers are allowed (but only first is used)
+    allow_hdrfrom_multiple: "true"
+    # If true, username does not need to contain matching domain
+    allow_username_mismatch: "false"
+    # If false, messages from authenticated users are not selected for signing
+    auth_only: "true"
+    # Default path to key, can include 'domain' and 'selector' variables
+    path: "/var/lib/rspamd/dkim/$domain.$selector.key"
+    # Default selector to use
+    selector: "dkim"
+    # If false, messages from local networks are not selected for signing
+    sign_local: "true"
+    # Symbol to add when message is signed
+    symbol: "DKIM_SIGNED"
+    # Whether to fallback to global config
+    try_fallback: "true"
+    # Domain to use for DKIM signing: can be "header" or "envelope"
+    use_domain: "header"
+    # Whether to normalise domains to eSLD
+    use_esld: "false"
+    # Whether to get keys from Redis
+    use_redis: "false"
+    # Hash for DKIM keys in Redis
+    key_prefix: "DKIM_KEYS"
+
  workerProxy:
    milter: "yes"
    timeout: "120s"