Hi, regarding your docs I can set for the domain policy SignOnlyIfInDNS, but with the latest version its reporting that the value is not allowed. release is kumod 2024.09.02-c5476b89 on a debian installation:
/opt/kumomta/share/policy-extras/dkim_sign.lua:132 Expected value of type 'DkimSignConfig.Base' and encountered an error during coercion
/opt/kumomta/share/policy-extras/dkim_sign.lua:132 /opt/kumomta/share/policy-extras/dkim_sign.lua:166: /opt/kumomta/share/policy-extras/dkim_sign.lua:132 DkimSignConfig.Base: invalid value for field 'policy'
/opt/kumomta/share/policy-extras/dkim_sign.lua:132 Unexpected 'DomainSigningPolicy' value 'SignOnlyIfInDNS', expected one of 'Always'
Error: Initialization raised an error: Validation failed```
# To do double or triple signing, add each additional
# signature name to this list and see the `signature."MyESPName"`
# block below
additional_signatures = ["MW"]
# Default selector to assume if the domain/signature block
# doesn't specify one
selector = "mw01"
# The default set of headers to sign if otherwise unspecified
# This recommended set comes from section 5.4.1 of RFC 6376
# See https://datatracker.ietf.org/doc/html/rfc6376#section-5.4
headers = [
"From", "Reply-To", "Subject", "Date", "To", "Cc",
"Resent-Date", "Resent-From", "Resent-To", "Resent-Cc",
"In-Reply-To", "References", "List-Id", "List-Help",
"List-Unsubscribe", "List-Subscribe", "List-Post",
"List-Owner", "List-Archive", "List-Unsubscribe-Post",
"X-Csa-Complaints"
]
policy = "SignOnlyIfInDNS"
# Automatic oversigning can help prevent certain DKIM replay attacks by asserting
# absence of any additional copies of a given header.
over_sign = true
[signature."MW"]
# Policy is interpreted differently for these
policy = "OnlyIfMissingDomainBlock" # Always add this signature
# specifies the signing domain for this signature block
domain = "sendnode.com"
selector = "mdkv20200702"```
