
	     O P T I O N A L   F E A T U R E S


INTRODUCTION
============

OpenDKIM 3.0 uses CMake for its build system.  Optional features are
enabled by passing -D flags to cmake at configure time.  There are no
autoconf --enable-xxx flags; the old 2.x FEATURES file listing FFR
(Features for Future Release) no longer applies.

All features described as "FFR" in older versions of OpenDKIM have been
either promoted to standard supported features (see PROMOTED FEATURES
below), or removed permanently (see REMOVED FEATURES below).


COMPILE-TIME OPTIONS
====================

Feature             CMake Flag              Default   Description

Lua scripting       -DWITH_LUA=ON           OFF       Enable Lua 5.4 policy hook
                                                      scripts and Lua-based data
                                                      set lookups.  Required to
                                                      build the miltertest
                                                      integration test tool.

DNSSEC resolver     -DWITH_UNBOUND=ON       ON        Use libunbound for DNSSEC-
                                                      validated DNS resolution.
                                                      When disabled, the standard
                                                      libresolv resolver is used.

Build type          -DCMAKE_BUILD_TYPE=     Debug     Set to "Release" for
                      Release                         production builds.

Code coverage       -DENABLE_COVERAGE=ON    OFF       Compile with gcov/lcov
                                                      support.  Not for
                                                      production use.


PROMOTED FEATURES
=================

The following features were previously gated behind #ifdef _FFR_* and
required explicit --enable-xxx flags.  They are now standard supported
features, always compiled in, controlled by configuration file options:

resign          Re-sign messages in a single pass.  Controlled by the
                "Resign yes/no" and "ResignMailTo" config options.
                Useful for relay servers and mailing list managers.

identity_header Allow signing key selection based on the value found in
                a named message header field.  Controlled by the
                "IdentityHeader <headername>" config option.  Useful
                for multi-tenant setups.

sender_macro    Read the sender address from an MTA macro rather than
                from the From: header field.  Controlled by the
                "SenderMacro <macroname>" config option.  Works with
                both Postfix ({mail_addr}, {sender}) and Sendmail macros.


REMOVED FEATURES
================

The following features from the 2.x FFR list have been removed
permanently.  They are not available and cannot be re-enabled:

atps            Authorized Third-Party Signatures -- never standardised.
db_handle_pools Database handle pools -- only relevant with removed backends.
default_sender  Default sender address -- low-value edge case.
diffheaders     Header diff forensics -- required the removed tre library.
ldap_caching    LDAP caching -- LDAP support removed entirely.
libar           Async resolver -- abandoned upstream in 2012.
postgres_reconnect_hack  PostgreSQL -- SQL backends removed entirely.
rate_limit      Rate limiting -- wrong layer for a signing daemon.
rbl             Realtime blacklist queries -- wrong layer; subsystem removed.
replace_rules   Sendmail masquerade workaround -- Sendmail-specific hack.
reprrd          Collaborative reputation via rrdtool -- never shipped.
reputation      Collaborative reputation -- never shipped.
reputation_cache  Reputation caching -- never shipped.
socketdb        Arbitrary socket data sets -- Lua scripts cover this.
stats / statsext  Per-message statistics -- aggregation server gone.
vbr             Vouch By Reference (RFC 5518) -- dead standard.

The following subsystems have been removed entirely:

libvbr          VBR (RFC 5518) -- dead standard.
librbl          Realtime blacklist support -- wrong layer.
reprrd          Collaborative reputation -- experimental, never shipped.
reputation      Collaborative reputation -- experimental, never shipped.
stats           Per-message statistics -- upstream server gone.

The following external dependencies have been removed:

BerkeleyDB      Replaced by LMDB.
OpenDBX         SQL abstraction -- unmaintained; SQL backends removed.
OpenLDAP        LDAP directory lookups -- removed entirely.
GnuTLS          Alternative TLS build path -- removed; OpenSSL 3 only.
tre             Regex library -- only used by removed diffheaders FFR.


DATA SET BACKENDS
=================

Supported data set backends in 3.0:

file:           Flat file with two columns (key and value).  Default if
                the path begins with "/".
refile:         Like file:, but the key column is a glob-style pattern.
csl:            Comma-separated inline list in the configuration file.
lmdb:           LMDB database file.  Replaces the removed bdb: backend.
                Fast, crash-safe, actively maintained, single file.
lua:            Lua script called for arbitrary key lookups.  Requires
                -DWITH_LUA=ON.  Useful for secrets-manager integrations.

Removed backends (no longer available): bdb:, dsn: (SQL), ldap:, ldaps:,
ldapi:.


COPYRIGHT
=========

Copyright (c) 2009, Sendmail, Inc. and its suppliers.  All rights reserved.
Copyright (c) 2009-2014, The Trusted Domain Project.  All rights reserved.
Copyright (c) 2026, PhoenixDKIM contributors.  All rights reserved.
