Using DKIM in a nutshell:
#> /etc/grommunio-antispam/override.d/dkim_signing.conf
allow_envfrom_empty = true;
allow_hdrfrom_mismatch = false;
allow_hdrfrom_multiple = false;
allow_username_mismatch = false;
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector = "dkim";
sign_authenticated = true;
sign_local = true;
symbol = "DKIM_SIGNED";
try_fallback = true;
use_domain = "header";
use_esld = true;
use_redis = false;
key_prefix = "DKIM_KEYS";
check_pubkey = false;
allow_pubkey_mismatch = true;
domain {
example.com {
path = "/var/lib/grommunio-antispam/example-dkim.key";
selector = "dkim";
}
}
accompanied by the commands:
rspamadm dkim_keygen -s 'dkim' -b 2048 -d example.com -k /var/lib/grommunio-antispam/example-dkim.key > /tmp/dnsrecord.txt
chown groas:grommunio /var/lib/grommunio-antispam/example-dkim.key
chmod 440 /var/lib/grommunio-antispam/example-dkim.key
the result in /tmp/dnsrecord.txt can be used to create the corresponding dns record for you (in this case with the selector "dkim")
Depending on your setup you can go very deep in detail (for example using redis for performance). You can find the best documentation on this topic here: https://rspamd.com/doc/modules/dkim_signing.html
