Yeah, it would be nice if the wiki pages and the manual were more clear about what is implemented and what will be implemented. That said, I love the fact that they have created a project where we can collaborate in standing up what we want. Once I finish getting the main things working for myself, I think the first thing I’ll do is to try to clean up the existing documentation. Then, maybe I’ll be in a position to actually contribute to the functionality.
Anyway, I was finally able to get back to this, and it was about as easy as following the instructions in that issue I referenced above. Here are the notes (verbose for anyone else who happens to come across this).
I started with the example dkim_signing.conf file on the page you referenced (DKIM signing module), saving it to /etc/rspamd/local.d/dkim_signing.conf. I then made sure these options (referenced in the issue) were set as indicated:
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector_map = "/etc/rspamd/dkim_selectors.map";
allow_username_mismatch = true;
use_esld = false;
rspamd replaces $domain and $selector with the entries from the map file (covered in the next paragraph). After that, I updated these settings in hopes of seeing log messages if the DNS configuration happened to be wrong:
check_pubkey = true;
allow_pubkey_mismatch = false;
Then, I created the file /etc/rspamd/dkim_selectors.map with the two values. In this case, the “timestamp” is the selector (“dkim”). So, it’s
{domain} dkim
with {domain} replaced with the actual domain.
Next, I updated the owner and permissions of /var/lib/rspamd/dkim/{domain}.dkim.key:
chown _rspamd:_rspamd /var/lib/rspamd/dkim/{domain}.dkim.key
chmod u+w /var/lib/rspamd/dkim/{domain}.dkim.key
With that, I restarted rspamd:
/etc/init.d/rspamd restart
and the next email I sent was signed.
Let me know if you are able to get it to work.
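
An added example, not part of the original post: a shell function that checks each entry of the selector map against the key file the path template above expects, flagging missing keys, keys accessible to group or others, and (optionally) an unexpected owner. The function name and the status labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an rspamd DKIM selector map.
# Usage: check_dkim_keys MAP KEYDIR [OWNER]
#   e.g. check_dkim_keys /etc/rspamd/dkim_selectors.map /var/lib/rspamd/dkim _rspamd
# Assumes keys are named $domain.$selector.key inside KEYDIR, as in the post.
check_dkim_keys() {
    map=$1 keydir=$2 owner=${3:-} rc=0
    # "|| [ -n ... ]" also processes a last line that lacks a trailing newline.
    while read -r domain selector rest || [ -n "$domain" ]; do
        # Skip blank lines and comments in the map file.
        case $domain in ''|'#'*) continue ;; esac
        if [ -z "$selector" ]; then
            echo "BAD-ENTRY $domain"; rc=1; continue
        fi
        key="$keydir/$domain.$selector.key"
        if [ ! -f "$key" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        listing=$(ls -ld "$key")
        # Characters 5-10 of the mode string are the group and other bits;
        # a private signing key should have none of them set.
        if [ "$(printf '%s\n' "$listing" | cut -c5-10)" != "------" ]; then
            echo "LOOSE-PERMS $key"; rc=1; continue
        fi
        if [ -n "$owner" ]; then
            actual=$(printf '%s\n' "$listing" | awk '{print $3}')
            if [ "$actual" != "$owner" ]; then
                echo "WRONG-OWNER $key ($actual)"; rc=1; continue
            fi
        fi
        echo "OK $key"
    done < "$map"
    return "$rc"
}
```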