Skip to content

SenderAuth

SenderAuth

Section titled “SenderAuth”

Configures sender authentication verification including DKIM, SPF, DMARC, and ARC.

This object can be configured from the WebUI under Settings › MTA › Inbound › Sender Authentication

Fields

Section titled “Fields”
dkimSignDomain
Section titled “dkimSignDomain”

Type: Expression · default: {"else":"false","match":[{"if":"is_local_domain(sender_domain) && !is_empty(authenticated_as)","then":"sender_domain"}]}

Domain to use for DKIM signing

Available variables: MtaRcptToVariable.

dkimStrict
Section titled “dkimStrict”

Type: Boolean · default: true

Whether to ignore insecure DKIM signatures such as those containing a length parameter

dkimVerify
Section titled “dkimVerify”

Type: Expression · default: {"else":"relaxed","match":[]}

Whether DKIM verification is strict, relaxed or disabled

Available variables: MtaRcptToVariable.

Available constants: MtaVerifyConstant.

spfEhloVerify
Section titled “spfEhloVerify”

Type: Expression · default: {"else":"disable","match":[{"if":"local_port == 25","then":"relaxed"}]}

Whether SPF EHLO verification is strict, relaxed or disabled

Available variables: MtaConnectionVariable.

Available constants: MtaVerifyConstant.

spfFromVerify
Section titled “spfFromVerify”

Type: Expression · default: {"else":"disable","match":[{"if":"local_port == 25","then":"relaxed"}]}

Whether SPF MAIL FROM verification is strict, relaxed or disabled

Available variables: MtaConnectionVariable.

Available constants: MtaVerifyConstant.

arcVerify
Section titled “arcVerify”

Type: Expression · default: {"else":"disable","match":[]}

Whether ARC verification is strict, relaxed or disabled.

Available variables: MtaRcptToVariable.

Available constants: MtaVerifyConstant.

dmarcVerify
Section titled “dmarcVerify”

Type: Expression · default: {"else":"disable","match":[{"if":"local_port == 25","then":"relaxed"}]}

Whether DMARC verification is strict, relaxed or disabled

Available variables: MtaRcptToVariable.

Available constants: MtaVerifyConstant.

reverseIpVerify
Section titled “reverseIpVerify”

Type: Expression · default: {"else":"disable","match":[{"if":"local_port == 25","then":"relaxed"}]}

How strict to be when verifying the reverse DNS of the client IP

Available variables: MtaConnectionVariable.

Available constants: MtaVerifyConstant.

JMAP API

Section titled “JMAP API”

The SenderAuth singleton is available via the urn:stalwart:jmap capability.

x:SenderAuth/get

Section titled “x:SenderAuth/get”

This is a standard Foo/get method as defined in RFC 8620, Section 5.1.

For singletons, the ids argument should be the literal singleton (or null to return the single instance).

This method requires the sysSenderAuthGet permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:SenderAuth/get",
          {
            "ids": [
              "singleton"
            ]
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

x:SenderAuth/set

Section titled “x:SenderAuth/set”

This is a standard Foo/set method as defined in RFC 8620, Section 5.3.

For singletons, only the update argument with id singleton is accepted; create and destroy arguments are rejected.

This method requires the sysSenderAuthUpdate permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:SenderAuth/set",
          {
            "update": {
              "singleton": {
                "dkimSignDomain": {
                  "else": "false",
                  "match": [
                    {
                      "if": "is_local_domain(sender_domain) && !is_empty(authenticated_as)",
                      "then": "sender_domain"
                    }
                  ]
                }
              }
            }
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

CLI

Section titled “CLI”

stalwart-cli wraps the same JMAP calls. See the CLI reference for installation, authentication, and general usage.

Fetch

Section titled “Fetch”
Terminal window
stalwart-cli get SenderAuth

Update

Section titled “Update”
Terminal window
stalwart-cli update SenderAuth --field dkimSignDomain='{"else":"false","match":[{"if":"is_local_domain(sender_domain) && !is_empty(authenticated_as)","then":"sender_domain"}]}'

Nested types

Section titled “Nested types”

Expression

Section titled “Expression”

A conditional expression with match rules and a default value.

match
Section titled “match”

Type: ExpressionMatch[]

List of conditions and their corresponding results

else
Section titled “else”

Type: String · required

Else condition

ExpressionMatch

Section titled “ExpressionMatch”

A single condition-result pair in an expression.

if
Section titled “if”

Type: String · required

If condition

then
Section titled “then”

Type: String · required

Then clause

Expression references

Section titled “Expression references”

The following expression contexts are used by fields on this page: