[TODO]: Consider rspamd DKIM config to use selector_map
#3778
Labels
area/configuration (file)
area/scripts
kind/improvement
Improve an existing feature, configuration file or the documentation
meta/help wanted
The OP requests help from others - chime in! :D
service/security/dkim-dmarc-spf
service/security/rspamd
stale-bot/ignore
Indicates that this issue / PR shall not be closed by our stale-checking CI
Description
Referencing my review comment here,
selector_map
might be a good approach for automating generation of multiple DKIM selectors when necessary. It's unlikely our path convention would change, and as per the PR contribution, a standard path convention / template can use variables for the selector (with a default fallback) and domain.try_fallback = true;
AFAIK is to permit fallback to that defaultselector
variable.path
is the template used, where$domain
is the domain being handled (defaults to MIMEFrom
(message header), not SMTPFrom
mail header (envelope sender) although you can configure for that), and$selector
will either bemail
from above, or changed to a matching selector if found inselector_map
.A
selector_map
is just a key/value pair per line delimiting key/values by white-space. If a domain matches, it'll use that selector:Additional Notes
I'm not 100% sure how that works for domains with multiple selectors available. Such as to support both RSA and ECC DKIM keys.
The
path
example uses the Docker config volume directly, but would probably be an internal location that the files are copied to. It's ideally unified with OpenDKIM config to share a common location for keys as these should technically be no different. It's a question raised by users several times about migrating to rspamd if they need to generate keys again or can use the same ones created for OpenDKIM without much friction.$domain
is additionally derived fromuse_domain
(what part of the mail to source the domain from, or a fixed domain) anduse_esld = true
(normalize domains to eSLD (effective second-level domain), ignores any subdomains).The unified DKIM path and generation is related to #3630
The text was updated successfully, but these errors were encountered: