From 10b08dfd7ff39c4fd2db980495b592da764aff6c Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alexandre.aubin@cern.ch>
Date: Sun, 27 Aug 2017 22:37:04 +0000
Subject: [PATCH] Move DKIM from rmilter to rspamd

---
 data/hooks/conf_regen/31-rspamd         |  2 ++
 data/templates/rmilter/ynh_dkim.conf    | 14 --------------
 data/templates/rspamd/dkim_signing.conf | 16 ++++++++++++++++
 3 files changed, 18 insertions(+), 14 deletions(-)
 delete mode 100644 data/templates/rmilter/ynh_dkim.conf
 create mode 100644 data/templates/rspamd/dkim_signing.conf

diff --git a/data/hooks/conf_regen/31-rspamd b/data/hooks/conf_regen/31-rspamd
index 2a065e735..d263d9cc9 100755
--- a/data/hooks/conf_regen/31-rspamd
+++ b/data/hooks/conf_regen/31-rspamd
@@ -9,6 +9,8 @@ do_pre_regen() {
 
   install -D -m 644 metrics.local.conf \
       "${pending_dir}/etc/rspamd/local.d/metrics.conf"
+  install -D -m 644 dkim_signing.conf \
+      "${pending_dir}/etc/rspamd/local.d/dkim_signing.conf"
   install -D -m 644 rspamd.sieve \
       "${pending_dir}/etc/dovecot/global_script/rspamd.sieve"
 }
diff --git a/data/templates/rmilter/ynh_dkim.conf b/data/templates/rmilter/ynh_dkim.conf
deleted file mode 100644
index 1e5598d06..000000000
--- a/data/templates/rmilter/ynh_dkim.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# DKIM signing
-# Note that DKIM signing should be done by rspamd in the near future
-# See https://github.com/vstakhov/rmilter/issues/174
-dkim {
-    enable = true;
-    domain {
-        key = /etc/dkim;
-        domain = "*";
-        selector = "mail";
-    };
-    header_canon = relaxed;
-    body_canon = relaxed;
-    sign_alg = sha256;
-};
diff --git a/data/templates/rspamd/dkim_signing.conf b/data/templates/rspamd/dkim_signing.conf
new file mode 100644
index 000000000..26718e021
--- /dev/null
+++ b/data/templates/rspamd/dkim_signing.conf
@@ -0,0 +1,16 @@
+allow_envfrom_empty = true;
+allow_hdrfrom_mismatch = false;
+allow_hdrfrom_multiple = false;
+allow_username_mismatch = true;
+
+auth_only = true;
+path = "/etc/dkim/$domain.$selector.key";
+selector = "mail";
+sign_local = true;
+symbol = "DKIM_SIGNED";
+try_fallback = true;
+use_domain = "header";
+use_esld = false;
+use_redis = false;
+key_prefix = "DKIM_KEYS";
+