Ich hatte hier eine Version, die Mails doppelt signiert – mit SHA und mit elliptischen Kurven. Da Letzteres noch nicht viel Support hat, folgt jetzt die abgespeckte Version.
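#!/bin/bash
#
# Rebuild rspamd's dkim_signing.conf from /etc/postfix/dkim/dkim-keys.conf and
# reload rspamd. Intended to run as root.
#
# Input, as this script reads it: one entry per line, colon-separated; field 2
# is the signing domain and field 3 the private-key path (field 1 is not used
# here). The selector is the key's file name up to its first dot.

set -euo pipefail

readonly KEY_DIR=/etc/postfix/dkim
readonly KEY_LIST="${KEY_DIR}/dkim-keys.conf"
readonly TARGET=/etc/rspamd/local.d/dkim_signing.conf
readonly DOMAIN_RE='^[A-Za-z0-9._-]+$'

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

warn() {
  printf 'warning: %s\n' "$*" >&2
}

[[ -r "$KEY_LIST" ]] || die "cannot read ${KEY_LIST}"

# Give the rspamd group ownership of the key material. This changes ownership
# only: the file modes are left as they are, so the private keys should
# already be non-world-readable (for example 0640).
chown root:_rspamd -- "${KEY_DIR}"/*

# The config is assembled in an unpredictable, private temp file. A fixed name
# under /tmp written by root can be pre-created or symlinked by any local user.
signfile=$(mktemp) || die "mktemp failed"
backup=''
cleanup() {
  rm -f -- "$signfile"
  if [[ -n "$backup" ]]; then
    rm -f -- "$backup"
  fi
}
trap cleanup EXIT

{
  # Static settings. Per the option comments below, allow_hdrfrom_mismatch and
  # allow_username_mismatch switch off the checks that tie the signing domain
  # to the header From and to the authenticated user, and sign_local signs
  # mail from local networks. With these values, who may submit mail for a
  # listed domain has to be enforced elsewhere (e.g. in the MTA).
  cat <<'EOF'
# If false, messages with empty envelope from are not signed
allow_envfrom_empty = true;
# If true, envelope/header domain mismatch is ignored
allow_hdrfrom_mismatch = true;
# If true, multiple from headers are allowed (but only first is used)
allow_hdrfrom_multiple = false;
# If true, username does not need to contain matching domain
allow_username_mismatch = true;
# If false, messages from local networks are not selected for signing
sign_local = true;
# If false, messages from domains not defined here will not be signed
try_fallback = false;
symbol = "DKIM_SIGNED";
use_domain = "envelope";
domain {
EOF

  while IFS= read -r line || [[ -n "$line" ]]; do
    # Blank lines carry no entry.
    if [[ -z "${line//[[:space:]]/}" ]]; then
      continue
    fi

    IFS=: read -r _unused domain key _rest <<<"$line"
    # Strip surrounding whitespace from both fields.
    read -r domain <<<"$domain"
    read -r key <<<"$key"

    # Refuse anything that would not be a plain domain name or that could
    # close the quoted path string in the generated config.
    if [[ ! "$domain" =~ $DOMAIN_RE ]]; then
      warn "skipping entry with invalid domain: ${line}"
      continue
    fi
    if [[ -z "$key" || "$key" == *'"'* || "$key" == *'\'* ]]; then
      warn "skipping entry with invalid key path: ${line}"
      continue
    fi

    # File name up to the first dot, e.g. ".../mail.example.org.key" -> "mail".
    selector=${key##*/}
    selector=${selector%%.*}
    if [[ -z "$selector" ]]; then
      warn "skipping entry without selector: ${line}"
      continue
    fi

    printf ' %s {\n' "$domain"
    printf ' path = "%s";\n' "$key"
    printf ' selector = "%s";\n' "$selector"
    printf ' }\n'
  done <"$KEY_LIST"

  printf '}\n'
} >"$signfile"

# Keep the current config so a rejected new one can be rolled back.
if [[ -e "$TARGET" ]]; then
  backup=$(mktemp) || die "mktemp failed"
  cp -p -- "$TARGET" "$backup"
fi

# mktemp creates the file with mode 0600; install sets a mode the rspamd
# service user can read. The file holds key paths, not key material.
install -m 0644 -- "$signfile" "$TARGET"

# Validate before reloading so a broken file never reaches the running daemon.
if command -v rspamadm >/dev/null; then
  if ! rspamadm configtest; then
    if [[ -n "$backup" ]]; then
      cp -p -- "$backup" "$TARGET"
    else
      rm -f -- "$TARGET"
    fi
    die "rspamd rejected the generated config; previous state restored"
  fi
fi

systemctl reload rspamd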