diff --git a/configure.ac b/configure.ac
index 371ab6d..7e1e2f1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -407,6 +407,8 @@ fi
 
 FFR_FEATURE([default_sender], [default sender address])
 
+FFR_FEATURE([lua_only_signing], [Lua setup script exclusive signing control])
+
 # sendmail command
 
 AC_PATH_PROG([SENDMAIL_PATH], [sendmail], [/usr/sbin/sendmail],
diff --git a/opendkim/opendkim-config.h b/opendkim/opendkim-config.h
index 4e4254c..06369a6 100644
--- a/opendkim/opendkim-config.h
+++ b/opendkim/opendkim-config.h
@@ -104,6 +104,9 @@ struct configdef dkimf_config[] =
 	{ "LocalADSP",			CONFIG_TYPE_STRING,	FALSE },
 	{ "LogResults",			CONFIG_TYPE_BOOLEAN,	FALSE },
 	{ "LogWhy",			CONFIG_TYPE_BOOLEAN,	FALSE },
+#ifdef _FFR_LUA_ONLY_SIGNING
+	{ "LuaOnlySigning",		CONFIG_TYPE_BOOLEAN,	FALSE },
+#endif /* _FFR_LUA_ONLY_SIGNING */
 	{ "MaximumHeaders",		CONFIG_TYPE_INTEGER,	FALSE },
 	{ "MaximumSignedBytes",		CONFIG_TYPE_INTEGER,	FALSE },
 	{ "MaximumSignaturesToVerify",	CONFIG_TYPE_INTEGER,	FALSE },
diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c
index b38f60c..9fc1ef0 100644
--- a/opendkim/opendkim.c
+++ b/opendkim/opendkim.c
@@ -214,6 +214,9 @@ struct dkimf_config
 #ifdef USE_LDAP
 	_Bool		conf_softstart;		/* do LDAP soft starts */
 #endif /* USE_LDAP */
+#ifdef _FFR_LUA_ONLY_SIGNING
+	_Bool		conf_luasigning;	/* signing via Lua only */
+#endif /* _FFR_LUA_ONLY_SIGNING */
 	_Bool		conf_weaksyntax;	/* do weaker syntax checking */
 	_Bool		conf_noadsp;		/* suppress ADSP */
 	_Bool		conf_logresults;	/* log all results */
@@ -6678,6 +6681,12 @@ dkimf_config_load(struct config *data, struct dkimf_config *conf,
 		                  &conf->conf_weaksyntax,
 		                  sizeof conf->conf_weaksyntax);
 
+#ifdef _FFR_LUA_ONLY_SIGNING
+		(void) config_get(data, "LuaOnlySigning",
+		                  &conf->conf_luasigning,
+		                  sizeof conf->conf_luasigning);
+#endif /* _FFR_LUA_ONLY_SIGNING */
+
 		(void) config_get(data, "ADSPNoSuchDomain",
 		                  &conf->conf_adspnxdomain,
 		                  sizeof conf->conf_adspnxdomain);
@@ -12794,6 +12803,9 @@ mlfi_eoh(SMFICTX *ctx)
 	/* still no key selected; check the signing table (if any) */
 	if (originok && dfc->mctx_srhead == NULL &&
 	    (user != NULL && dfc->mctx_domain[0] != '\0') && 
+#ifdef _FFR_LUA_ONLY_SIGNING
+	    !conf->conf_luasigning &&
+#endif /* _FFR_LUA_ONLY_SIGNING */
 	    conf->conf_keytabledb != NULL && conf->conf_signtabledb != NULL)
 	{
 		int found;
diff --git a/opendkim/util.c b/opendkim/util.c
index 3b25886..5210f60 100644
--- a/opendkim/util.c
+++ b/opendkim/util.c
@@ -148,6 +148,10 @@ static char *optlist[] =
 	"_FFR_LDAP_CACHING",
 #endif /* _FFR_LDAP_CACHING */
 
+#if _FFR_LUA_ONLY_SIGNING
+	"_FFR_LUA_ONLY_SIGNING",
+#endif /* _FFR_LUA_ONLY_SIGNING */
+
 #if _FFR_POSTGRESQL_RECONNECT_HACK
 	"_FFR_POSTGRESQL_RECONNECT_HACK",
 #endif /* _FFR_POSTGRESQL_RECONNECT_HACK */