This module checks DKIM signatures for emails scanned.
DKIM signatures can establish that this specific message has been signed by a trusted
relay. For example, if a message comes from
gmail.com then a valid DKIM signature
means that this message was definitely signed by
gmail.com (unless gmail.com private
key has been compromised, which is not a likewise case).
Rspamd can deal with many types of DKIM signatures and messages canonicalisation.
The major difficulty with DKIM are line endings: many MTA treat them differently which
leads to broken signatures. Basically, rspamd treats all line endings as
is compatible with the most of DKIM implementations. From the version 1.3, Rspamd DKIM module also supports signing of messages.
DKIM module has several useful configuration options:
expire) - maximum size of DKIM keys cache
whitelist- a map of domains that should not be checked with DKIM (e.g. if that domains have totally broken DKIM signer)
domains- a map of domains that should have more strict scores for DKIM violation
strict_multiplier- multiply the value of symbols by this value if received from
trusted_only- do not check DKIM signatures for all domains but those which are from the
Please use dkim_signing module for DKIM signatures. This module should not be used for these purposes any longer.