SenderAuth
Configures sender authentication verification including DKIM, SPF, DMARC, and ARC.
This object can be configured from the WebUI under Settings › MTA › Inbound › Sender Authentication
Fields
dkimSignDomain
Type:
Expression· default:{"else":"false","match":[{"if":"is_local_domain(sender_domain) && !is_empty(authenticated_as)","then":"sender_domain"}]}Domain to use for DKIM signing
Available variables:
MtaRcptToVariable.
dkimStrict
Type:
Boolean· default:trueWhether to ignore insecure DKIM signatures such as those containing a length parameter
dkimVerify
Type:
Expression· default:{"else":"relaxed","match":[]}Whether DKIM verification is strict, relaxed or disabled
Available variables:
MtaRcptToVariable.Available constants:
MtaVerifyConstant.
spfEhloVerify
Type:
Expression· default:{"else":"disable","match":[{"if":"local_port == 25","then":"relaxed"}]}Whether SPF EHLO verification is strict, relaxed or disabled
Available variables:
MtaConnectionVariable.Available constants:
MtaVerifyConstant.
spfFromVerify
Type:
Expression· default:{"else":"disable","match":[{"if":"local_port == 25","then":"relaxed"}]}Whether SPF MAIL FROM verification is strict, relaxed or disabled
Available variables:
MtaConnectionVariable.Available constants:
MtaVerifyConstant.
arcVerify
Type:
Expression· default:{"else":"disable","match":[]}Whether ARC verification is strict, relaxed or disabled.
Available variables:
MtaRcptToVariable.Available constants:
MtaVerifyConstant.
dmarcVerify
Type:
Expression· default:{"else":"disable","match":[{"if":"local_port == 25","then":"relaxed"}]}Whether DMARC verification is strict, relaxed or disabled
Available variables:
MtaRcptToVariable.Available constants:
MtaVerifyConstant.
reverseIpVerify
Type:
Expression· default:{"else":"disable","match":[{"if":"local_port == 25","then":"relaxed"}]}How strict to be when verifying the reverse DNS of the client IP
Available variables:
MtaConnectionVariable.Available constants:
MtaVerifyConstant.
JMAP API
The SenderAuth singleton is available via the urn:stalwart:jmap capability.
x:SenderAuth/get
This is a standard Foo/get method as defined in RFC 8620, Section 5.1.
For singletons, the ids argument should be the literal singleton (or null to return the single instance).
This method requires the sysSenderAuthGet permission.
curl -X POST https://mail.example.com/api \
-H 'Authorization: Bearer $TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"methodCalls": [
[
"x:SenderAuth/get",
{
"ids": [
"singleton"
]
},
"c1"
]
],
"using": [
"urn:ietf:params:jmap:core",
"urn:stalwart:jmap"
]
}'
x:SenderAuth/set
This is a standard Foo/set method as defined in RFC 8620, Section 5.3.
For singletons, only the update argument with id singleton is accepted; create and destroy arguments are rejected.
This method requires the sysSenderAuthUpdate permission.
curl -X POST https://mail.example.com/api \
-H 'Authorization: Bearer $TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"methodCalls": [
[
"x:SenderAuth/set",
{
"update": {
"singleton": {
"dkimSignDomain": {
"else": "false",
"match": [
{
"if": "is_local_domain(sender_domain) && !is_empty(authenticated_as)",
"then": "sender_domain"
}
]
}
}
}
},
"c1"
]
],
"using": [
"urn:ietf:params:jmap:core",
"urn:stalwart:jmap"
]
}'
CLI
stalwart-cli wraps the same JMAP calls. See the CLI reference for installation, authentication, and general usage.
Fetch
stalwart-cli get sender-auth
Update
stalwart-cli update sender-auth --field description='Updated'
Nested types
Expression
A conditional expression with match rules and a default value.
match
Type:
ExpressionMatch[]List of conditions and their corresponding results
else
Type:
String· requiredElse condition
ExpressionMatch
A single condition-result pair in an expression.
if
Type:
String· requiredIf condition
then
Type:
String· requiredThen clause
Expression references
The following expression contexts are used by fields on this page:
MtaRcptToVariable(Variables)MtaVerifyConstant(Constants)MtaConnectionVariable(Variables)