diff --git a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
index 38f2c7e85..23ef414e7 100644
--- a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
+++ b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
@@ -20,9 +20,56 @@
                 <label>Blocked File Extensions</label>
                 <type>select_multiple</type>
                 <style>tokenize</style>
+                <allownew>true</allownew>
                 <help>If an attached file has a suffix in this list, the mail will be rejected via a hard reject, which means that the server will be immeadiately informed about the policy violation.</help>
             </field>
         </subtab>
+        <subtab id="rspamd-general-milter-headers" description="Milter Headers">
+            <field>
+                <id>rspamd.milter_headers.enabled</id>
+                <label>Enable</label>
+                <type>checkbox</type>
+                <help>When this checkbox is enabled, you can add additional headers to your mails, which contain information about the scan results.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.enable_authentication_results</id>
+                <label>Enable Authentication Result Headers</label>
+                <type>checkbox</type>
+                <help>If this checkbox is enabled, a header about the authentication state will be added.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.enable_extended_spam_headers</id>
+                <label>Enable Extended Spam Headers</label>
+                <type>checkbox</type>
+                <help>If this checkbox is enabled, a header containing the findings of the scan is added.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.enable_spamd_bar</id>
+                <label>Enable Spamd Bar</label>
+                <type>checkbox</type>
+                <help>Add a header containing a visible indicator of the spam level.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.skip_local</id>
+                <label>Skip Local</label>
+                <type>checkbox</type>
+                <help>This will skip adding headers for local IPs. If this is unchecked, headers will also be added anyway but if it is checked, the headers will not be added for local IPs.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.skip_authenticated</id>
+                <label>Skip Authenticated</label>
+                <type>checkbox</type>
+                <help>If the user is authenticated, the headers will not be added if this is enabled. If this is checked, your outgoing mails will very likely not leak information about the the scanner.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.extended_headers_rcpt</id>
+                <label>Extended Headers Recipients</label>
+                <type>select_multiple</type>
+                <style>tokenize</style>
+                <allownew>true</allownew>
+                <help>Enter a (partial) mail address, which should also receive extended headers. For example: user@example.com or @example.net.</help>
+            </field>
+        </subtab>
     </tab>
     <tab id="rspamd-anti-spam" description="Spam Protection">
         <subtab id="rspamd-anti-spam-graylist" description="Graylisting">
diff --git a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
index f26b91dcd..5f3f6ec9a 100644
--- a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
+++ b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
@@ -13,6 +13,37 @@
       </enable_redis_plugin>
     </general>
 
+    <milter_headers>
+      <enabled type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </enabled>
+      <enable_extended_spam_headers type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </enable_extended_spam_headers>
+      <enable_authentication_results type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </enable_authentication_results>
+      <enable_spamd_bar type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </enable_spamd_bar>
+      <skip_local type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </skip_local>
+      <skip_authenticated type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </skip_authenticated>
+      <extended_headers_rcpt type="CSVListField">
+        <mask>/[a-z0-9\.\-_@,]+/i</mask>
+        <Required>N</Required>
+      </extended_headers_rcpt>
+    </milter_headers>
+
     <graylist>
       <expire type="IntegerField">
         <Required>N</Required>
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
index a4038e206..20ea9843e 100644
--- a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
@@ -10,6 +10,7 @@ surbl-whitelist.inc.local:/var/db/rspamd/surbl-whitelist.inc.local
 2tld.inc.local:/var/db/rspamd/2tld.inc.local
 greylist.conf:/usr/local/etc/rspamd/local.d/greylist.conf
 phishing.conf:/usr/local/etc/rspamd/local.d/phishing.conf
+milter_headers.conf:/usr/local/etc/rspamd/local.d/milter_headers.conf
 multimap.conf:/usr/local/etc/rspamd/local.d/multimap.conf
 mx_check.conf:/usr/local/etc/rspamd/local.d/mx_check.conf
 ratelimit.conf:/usr/local/etc/rspamd/local.d/ratelimit.conf
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/milter_headers.conf b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/milter_headers.conf
new file mode 100644
index 000000000..acddb39e5
--- /dev/null
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/milter_headers.conf
@@ -0,0 +1,28 @@
+{% if helpers.exists('OPNsense.Rspamd.milter_headers.enabled') and OPNsense.Rspamd.milter_headers.enabled == '1' %}
+{% set usemodules = [] %}
+
+extended_spam_headers = {% if helpers.exists('OPNsense.Rspamd.milter_headers.enable_extended_spam_headers') and OPNsense.Rspamd.milter_headers.enable_extended_spam_headers == '1' %}true{% else %}false{% endif %};
+{%   if helpers.exists('OPNsense.Rspamd.milter_headers.enable_authentication_results') and OPNsense.Rspamd.milter_headers.enable_authentication_results == '1' %}
+{%     do usemodules.append('authentication-results') %}
+authenticated_headers = ["authentication-results"];
+{%   endif %}
+
+{%   if helpers.exists('OPNsense.Rspamd.milter_headers.enable_spamd_bar') and OPNsense.Rspamd.milter_headers.enable_spamd_bar == '1' %}
+{%     do usemodules.append('x-spamd-bar') %}
+local_headers = ["x-spamd-bar"];
+{%   endif %}
+
+
+skip_local = {% if helpers.exists('OPNsense.Rspamd.milter_headers.skip_local') and OPNsense.Rspamd.milter_headers.skip_local == '1' %}true{% else %}false{% endif %};
+
+skip_authenticated = {% if helpers.exists('OPNsense.Rspamd.milter_headers.skip_authenticated') and OPNsense.Rspamd.milter_headers.skip_authenticated == '1' %}true{% else %}false{% endif %};
+
+{%   if helpers.exists('OPNsense.Rspamd.milter_headers.extended_headers_rcpt') and OPNsense.Rspamd.milter_headers.extended_headers_rcpt != '' %}
+extended_headers_rcpt = [{{ '"' + ( '", "'.join(OPNsense.Rspamd.milter_headers.extended_headers_rcpt.split(',') ) ) + '"' }}];
+{%   endif %}
+
+{%   if usemodules|length > 0 %}
+use = [{{ '"' + ( '", "'.join(usemodules) ) + '"' }}];
+{%   endif %}
+{% endif %}
+