ansible/roles/rspamd/defaults/main.yaml

rspamd_enabled: true
rspamd_default_values:
  replicaCount: 1
  persistence:
    enabled: false
    existingClaim: mailboxes
  redis:
    enabled: true
    usePassword: false
    password: ""
    cluster:
      enabled: false
  rspamd:
    local.d:
      redis.conf: |
        servers = "rspamd-redis-master";        
      worker-proxy.inc: |
        bind_socket = "0.0.0.0:11332";        
      worker-normal.inc: |
        bind_socket = "0.0.0.0:11333";        
      worker-controller.inc: |
        bind_socket = "0.0.0.0:11334";        
      worker-fuzzy.inc: |
        bind_socket = "0.0.0.0:11335";        
      logging.inc: |
        type = "console";        
      spf.conf: |
        spf_cache_size = 1k; # cache up to 1000 of the most recent SPF records
        spf_cache_expire = 1d; # default max expire for an element in this cache
        max_dns_nesting = 10; # maximum number of recursive DNS subrequests
        max_dns_requests = 30; # maximum count of DNS requests per record
        min_cache_ttl = 5m; # minimum TTL enforced for all elements in SPF records        
      dkim_signing.conf: |
        enabled = true;
        # If `true` get pubkey from DNS record and check if it matches private key
        check_pubkey = true;
        # Set to `false` if you want to skip signing if public and private keys mismatch
        allow_pubkey_mismatch = true;
        # Domain specific settings
        domain {
          # Domain name is used as key
          "{{ mail_domain | default(domain) }}" {
            # Private key path
            path = "/var/lib/rspamd/dkim/default.key";
            # Selector
            selector = "default";
          }
        }        
      arc.conf: |
        domain {
          # Domain name is used as key
          "{{ mail_domain | default(domain) }}" {
            # Private key path
            path = "/var/lib/rspamd/dkim/default.key";
            # Selector
            selector = "default";
          }
        }        
      dmarc.conf: |
        # Enables storing reporting information to redis
        reporting = true;
        # If Redis server is not configured below, settings from redis {} will be used
        #servers = "127.0.0.1:6379"; # Servers to use for reads and writes (can be a list)
        servers = "rspamd-redis-master";
        # Alternatively set read_servers / write_servers to split reads and writes
        # To set custom prefix for redis keys:
        #key_prefix = "dmarc_";
        # Actions to enforce based on DMARC disposition (empty by default)
        actions = {
          quarantine = "add_header";
          reject = "reject";
        }
        # Ignore "pct" setting for some domains
        # no_sampling_domains = "/etc/rspamd/dmarc_no_sampling.domains";        
    dkim-keys:
      default: |
        {{ dkim_private_key_base64 | b64decode }}