# Note: DKIM signing is performed by the mail relay [comcast.net]
# and is unncessary in this setup.
# Test: Send email to non-Comcast address and inspect headers

# sudo mkdir @PREFIX@/var/lib/rspamd/dkim
# sudo chown _rspamd:_rspamd @PREFIX@/var/lib/rspamd/dkim
# sudo chmod 0750 @PREFIX@/var/lib/rspamd/dkim
# sudo -u _rspamd rspamadm dkim_keygen -k @PREFIX@/var/lib/rspamd/dkim/@domain@.@tld@.dkim_rsa2048.key -s dkim_rsa2048 -t rsa -b 2048 -d @domain@.@tld@
# sudo -u _rspamd rspamadm dkim_keygen -k @PREFIX@/var/lib/rspamd/dkim/@domain@.@tld@.dkim_ed25519.key -s dkim_ed25519 -t ed25519 -d @domain@.@tld@

use_domain = "header";
auth_only = true;
allow_username_mismatch = true;

path = "@PREFIX@/var/lib/rspamd/dkim/@domain@.@tld@.dkim_rsa2048.key";
selector = "dkim_rsa2048";

# Domain specific settings
# domain {
#   @domain@.@tld@ {
#     selectors [
#       { # Private key path and selector
#         path = "@PREFIX@/var/lib/rspamd/dkim/@domain@.@tld@.dkim_rsa2048.key";
#         selector = "dkim_rsa2048";
#       },
#       { # multiple dkim signature
#         path = "@PREFIX@/var/lib/rspamd/dkim/@domain@.@tld@.dkim_ed25519.key";
#         selector = "dkim_ed25519";
#       }
#     ]
#   }
# }