This module verifies the authenticity of emails through the analysis of DKIM signatures.
The presence of a valid DKIM signature indicates that the message has been trusted and signed by a recognized source.
For example, if a message comes from
gmail.com then a valid DKIM signature means that this message was definitely signed by
gmail.com (unless gmail.com private key has been compromised, which is not a likewise case).
Rspamd effectively handles a variety of DKIM signatures and message canonicalization techniques.
However, a common challenge in DKIM is the handling of line endings, as different mail transfer agents (MTAs) may treat them differently, resulting in invalid signatures.
To mitigate this issue, Rspamd treats line endings as
CR+LF that which is compatible with the majority of DKIM implementations.
DKIM module has several useful configuration options:
symbol_allow(string): symbol to insert in case of allow (default: ‘R_DKIM_ALLOW’)
symbol_reject(string): symbol to insert (default: ‘R_DKIM_REJECT’)
symbol_tempfail(string): symbol to insert in case of temporary fail (default: ‘R_DKIM_TEMPFAIL’)
symbol_permfail(string): symbol to insert in case of permanent failure (default: ‘R_DKIM_PERMFAIL’)
symbol_na(string): symbol to insert in case of no signing (default: ‘R_DKIM_NA’)
whitelist(map): map of whitelisted networks
domains(map): map of domains to check
strict_multiplier(number): multiplier for strict domains
time_jitter(number): jitter in seconds to allow time diff while checking
trusted_only(boolean): check signatures only for domains in ‘domains’ map
dkim_cache_size(number): cache up to 1000 of the most recent DKIM records
dkim_cache_expire(time): default max expire for an element in this cache
skip_multi(boolean): skip DKIM check for messages with multiple signatures
Please use dkim_signing module for DKIM signatures.