summaryrefslogtreecommitdiffstats
path: root/conf/modules.d/arc.conf
diff options
context:
space:
mode:
Diffstat (limited to 'conf/modules.d/arc.conf')
-rw-r--r--conf/modules.d/arc.conf72
1 files changed, 72 insertions, 0 deletions
diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf
new file mode 100644
index 0000000..f26dad8
--- /dev/null
+++ b/conf/modules.d/arc.conf
@@ -0,0 +1,72 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/arc.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/arc.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at https://rspamd.com/doc/modules/arc.html
+
+
+# To configure this module, please also check the following document:
+# https://rspamd.com/doc/tutorials/scanning_outbound.html and
+# https://rspamd.com/doc/modules/arc.html
+
+# To enable this module define the following attributes:
+# path = "${DBDIR}/arc/$domain.$selector.key";
+# OR
+# domain { ... }, if you use per-domain conf
+# OR
+# set `use_redis=true;` and define redis servers
+
+arc {
+ # If false, messages with empty envelope from are not signed
+ allow_envfrom_empty = true;
+ # If true, envelope/header domain mismatch is ignored
+ allow_hdrfrom_mismatch = true;
+ # If true, multiple from headers are allowed (but only first is used)
+ allow_hdrfrom_multiple = false;
+ # If true, username does not need to contain matching domain
+ allow_username_mismatch = false;
+ # Default path to key, can include '$domain' and '$selector' variables
+ #path = "${DBDIR}/arc/$domain.$selector.key";
+ # Default selector to use
+ selector = "arc";
+ # If false, messages from authenticated users are not selected for signing
+ sign_authenticated = false;
+ # If false, inbound messages are not selected for signing
+ sign_inbound = true;
+ # If false, messages from local networks are not selected for signing
+ sign_local = false;
+ # Symbol to add when message is signed
+ sign_symbol = "ARC_SIGNED";
+ # Whether to fallback to global config
+ try_fallback = true;
+ # Domain to use for ARC signing: can be "header", "envelope" or "recipient"
+ use_domain = "recipient";
+ # Whether to normalise domains to eSLD
+ use_esld = true;
+ # Whether to get keys from Redis
+ use_redis = false;
+ # Hash for ARC keys in Redis
+ key_prefix = "ARC_KEYS";
+
+ # Domain specific settings
+ #domain {
+ # example.com {
+ # # Private key path
+ # path = "${DBDIR}/arc/example.key";
+ # # Selector
+ # selector = "ds";
+ # }
+ #}
+
+ .include(try=true,priority=5) "${DBDIR}/dynamic/arc.conf"
+ .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/arc.conf"
+ .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/arc.conf"
+}