This module checks DKIM signatures for emails scanned.
DKIM signatures can establish that this specific message has been signed by a trusted
relay. For example, if a message comes from
gmail.com then a valid DKIM signature
means that this message was definitely signed by
gmail.com (unless gmail.com private
key has been compromised, which is not a likewise case).
Rspamd can deal with many types of DKIM signatures and messages canonicalisation.
The major difficulty with DKIM are line endings: many MTA treat them differently which
leads to broken signatures. Basically, rspamd treats all line endings as
is compatible with the most of DKIM implementations.
DKIM module has several useful configuration options:
symbol_allow(string): symbol to insert in case of allow (default: ‘R_DKIM_ALLOW’)
symbol_reject(string): symbol to insert (default: ‘R_DKIM_REJECT’)
symbol_tempfail(string): symbol to insert in case of temporary fail (default: ‘R_DKIM_TEMPFAIL’)
symbol_permfail(string): symbol to insert in case of permanent failure (default: ‘R_DKIM_PERMFAIL’)
symbol_na(string): symbol to insert in case of no signing (default: ‘R_DKIM_NA’)
whitelist(map): map of whitelisted networks
domains(map): map of domains to check
strict_multiplier(number): multiplier for strict domains
time_jitter(number): jitter in seconds to allow time diff while checking
trusted_only(boolean): check signatures only for domains in ‘domains’ map
dkim_cache_size(number): cache up to 1000 of the most recent DKIM records
dkim_cache_expire(time): default max expire for an element in this cache
skip_multi(boolean): skip DKIM check for messages with multiple signatures
Please use dkim_signing module for DKIM signatures.