diff options
author | Micah <micah@leap.se> | 2015-10-20 17:14:21 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2015-11-02 10:10:26 -0500 |
commit | e97a9d3800b173375a630e18e4b1aa0894eb96e1 (patch) | |
tree | 88c343c379462bb28b1380804f815d08b578b219 /puppet/modules/opendkim/templates | |
parent | 87ddb4d6505229f36b096188c3e43a19281b540c (diff) |
Add basic DKIM support, this requires changes in leap_cli detailed in
issue #5924
Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7
Diffstat (limited to 'puppet/modules/opendkim/templates')
-rw-r--r-- | puppet/modules/opendkim/templates/opendkim.conf | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/puppet/modules/opendkim/templates/opendkim.conf b/puppet/modules/opendkim/templates/opendkim.conf new file mode 100644 index 00000000..46ddb7a8 --- /dev/null +++ b/puppet/modules/opendkim/templates/opendkim.conf @@ -0,0 +1,44 @@ +# This is a basic configuration that can easily be adapted to suit a standard +# installation. For more advanced options, see opendkim.conf(5) and/or +# /usr/share/doc/opendkim/examples/opendkim.conf.sample. + +# Log to syslog +Syslog yes +SyslogSuccess yes +LogWhy no +# Required to use local socket with MTAs that access the socket as a non- +# privileged user (e.g. Postfix) +UMask 002 + +Domain <%= @domain %> +SubDomains yes + +# set internal hosts to all the known hosts, like mydomains? + +# can we generate a larger key and get it in dns? +KeyFile <%= @dkim_key %> + +# what selector do we use? +Selector <%= @selector %> + +# Commonly-used options; the commented-out versions show the defaults. +Canonicalization relaxed +#Mode sv +#ADSPDiscard no + +# Always oversign From (sign using actual From and a null From to prevent +# malicious signatures header fields (From and/or others) between the signer +# and the verifier. From is oversigned by default in the Debian pacakge +# because it is often the identity key used by reputation systems and thus +# somewhat security sensitive. +OversignHeaders From + +# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures +# (ATPS) (experimental) + +#ATPSDomains example.com + +RemoveOldSignatures yes + +Mode sv +BaseDirectory /var/tmp |