3 changed files with 1 additions and 86 deletions
--- a/deploy/ansible/playbooks/deploy-c3lf-sys3.yml
+++ b/deploy/ansible/playbooks/deploy-c3lf-sys3.yml
@ -361,13 +361,6 @@
      notify:
        - restart postfix

-    - name: configure rspamd dkim
-      template:
-        src: templates/rspamd-dkim.cf.j2
-        dest: /etc/rspamd/local.d/dkim_signing.conf
-      notify:
-        - restart rspamd
-
    - name: configure rspamd
      copy:
        content: |
--- a/deploy/ansible/playbooks/templates/postfix.cf.j2
+++ b/deploy/ansible/playbooks/templates/postfix.cf.j2
@ -37,6 +37,7 @@ alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
 mydestination = $myhostname, , localhost
+relayhost = firefly.lab.or.it
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
 recipient_delimiter = +
--- a/deploy/ansible/playbooks/templates/rspamd-dkim.cf.j2
+++ b/deploy/ansible/playbooks/templates/rspamd-dkim.cf.j2
@ -1,79 +0,0 @@
-# local.d/dkim_signing.conf
-
-enabled = true;
-
-# If false, messages with empty envelope from are not signed
-allow_envfrom_empty = true;
-
-# If true, envelope/header domain mismatch is ignored
-allow_hdrfrom_mismatch = false;
-
-# If true, multiple from headers are allowed (but only first is used)
-allow_hdrfrom_multiple = false;
-
-# If true, username does not need to contain matching domain
-allow_username_mismatch = false;
-
-# Default path to key, can include '$domain' and '$selector' variables
-path = "/var/lib/rspamd/dkim/$domain.$selector.key";
-
-# Default selector to use
-selector = "dkim";
-
-# If false, messages from authenticated users are not selected for signing
-sign_authenticated = true;
-
-# If false, messages from local networks are not selected for signing
-sign_local = true;
-
-# Map file of IP addresses/subnets to consider for signing
-# sign_networks = "/some/file"; # or url
-
-# Symbol to add when message is signed
-symbol = "DKIM_SIGNED";
-
-# Whether to fallback to global config
-try_fallback = true;
-
-# Domain to use for DKIM signing: can be "header" (MIME From), "envelope" (SMTP From), "recipient" (SMTP To), "auth" (SMTP username) or directly specified domain name
-use_domain = "header";
-
-# Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth")
-#use_domain_sign_networks = "header";
-
-# Domain to use for DKIM signing when sender is a local IP ("header"/"envelope"/"auth")
-#use_domain_sign_local = "header";
-
-# Whether to normalise domains to eSLD
-use_esld = true;
-
-# Whether to get keys from Redis
-use_redis = false;
-
-# Hash for DKIM keys in Redis
-key_prefix = "DKIM_KEYS";
-
-# map of domains -> names of selectors (since rspamd 1.5.3)
-#selector_map = "/etc/rspamd/dkim_selectors.map";
-
-# map of domains -> paths to keys (since rspamd 1.5.3)
-#path_map = "/etc/rspamd/dkim_paths.map";
-
-# If `true` get pubkey from DNS record and check if it matches private key
-check_pubkey = false;
-# Set to `false` if you want to skip signing if public and private keys mismatch
-allow_pubkey_mismatch = true;
-
-# Domain specific settings
-domain {
-  # Domain name is used as key
-  {{ mail_domain }} {
-
-    # Private key path
-    path = "/var/lib/rspamd/dkim/{{ mail_domain }}.key";
-
-    # Selector
-    selector = "ds";
-  }
-}
-