This module verifies the authenticity of emails through the analysis of DKIM signatures.
The presence of a valid DKIM signature indicates that the message has been trusted and signed by a recognized source.
For example, if a message comes from gmail.com, then a valid DKIM signature means that the message was definitely signed by gmail.com (unless the gmail.com private key has been compromised, which is unlikely).
Rspamd effectively handles a variety of DKIM signatures and message canonicalization techniques.
However, a common challenge in DKIM is the handling of line endings, as different mail transfer agents (MTAs) may treat them differently, resulting in invalid signatures.
To mitigate this issue, Rspamd treats line endings as CR+LF, which is compatible with the majority of DKIM implementations.
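The line-ending problem described above, as an added example that is not Rspamd's own code: it implements the RFC 6376 simple and relaxed body canonicalization and shows that the body hash (the bh= tag) stops matching when a relay rewrites CRLF to bare LF, and matches again once line endings are normalized to CR+LF. The message body, the function names and the normalization step are assumptions made for illustration.

```python
import base64
import hashlib
import re


def normalize_crlf(body: bytes) -> bytes:
    """Rewrite bare CR and bare LF as CRLF (assumed model of CR+LF handling)."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", body)


def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop trailing empty lines, end with exactly one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse WSP runs, strip trailing WSP and empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


CANON = {"simple": canon_simple, "relaxed": canon_relaxed}


def body_hash(body: bytes, canon: str = "relaxed") -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    digest = hashlib.sha256(CANON[canon](body)).digest()
    return base64.b64encode(digest).decode()


def survives_relay(signed: bytes, received: bytes, canon: str,
                   normalize: bool) -> bool:
    """True if the received body still hashes to the signer's bh= value."""
    if normalize:
        received = normalize_crlf(received)
    return body_hash(signed, canon) == body_hash(received, canon)


# Constructed sample: the body as signed, and the same body after a relay
# rewrote every CRLF to a bare LF.
SIGNED = b"Hello,\r\n\r\nThis is   a test. \r\n\r\n\r\n"
RELAYED = SIGNED.replace(b"\r\n", b"\n")

if __name__ == "__main__":
    for canon in CANON:
        for normalize in (False, True):
            print(canon, normalize, survives_relay(SIGNED, RELAYED, canon, normalize))
```

Neither canonicalization absorbs a change of line terminator on its own: relaxed only collapses spaces and tabs, so the verifier has to settle on one line-ending form before hashing.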
The DKIM module has several useful configuration options:

- symbol_allow (string): symbol to insert in case of allow (default: ‘R_DKIM_ALLOW’)
- symbol_reject (string): symbol to insert (default: ‘R_DKIM_REJECT’)
- symbol_tempfail (string): symbol to insert in case of temporary fail (default: ‘R_DKIM_TEMPFAIL’)
- symbol_permfail (string): symbol to insert in case of permanent failure (default: ‘R_DKIM_PERMFAIL’)
- symbol_na (string): symbol to insert in case of no signing (default: ‘R_DKIM_NA’)
- whitelist (map): map of whitelisted networks
- domains (map): map of domains to check
- strict_multiplier (number): multiplier for strict domains
- time_jitter (number): jitter in seconds to allow time diff while checking
- trusted_only (boolean): check signatures only for domains in ‘domains’ map
- dkim_cache_size (number): cache up to 1000 of the most recent DKIM records
- dkim_cache_expire (time): default max expire for an element in this cache
- skip_multi (boolean): skip DKIM check for messages with multiple signatures

Please use the dkim_signing module for DKIM signatures.