From e97a9d3800b173375a630e18e4b1aa0894eb96e1 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 20 Oct 2015 17:14:21 -0400 Subject: Add basic DKIM support, this requires changes in leap_cli detailed in issue #5924 Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7 --- puppet/modules/opendkim/templates/opendkim.conf | 44 +++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 puppet/modules/opendkim/templates/opendkim.conf (limited to 'puppet/modules/opendkim/templates/opendkim.conf') diff --git a/puppet/modules/opendkim/templates/opendkim.conf b/puppet/modules/opendkim/templates/opendkim.conf new file mode 100644 index 00000000..46ddb7a8 --- /dev/null +++ b/puppet/modules/opendkim/templates/opendkim.conf @@ -0,0 +1,44 @@ +# This is a basic configuration that can easily be adapted to suit a standard +# installation. For more advanced options, see opendkim.conf(5) and/or +# /usr/share/doc/opendkim/examples/opendkim.conf.sample. + +# Log to syslog +Syslog yes +SyslogSuccess yes +LogWhy no +# Required to use local socket with MTAs that access the socket as a non- +# privileged user (e.g. Postfix) +UMask 002 + +Domain <%= @domain %> +SubDomains yes + +# set internal hosts to all the known hosts, like mydomains? + +# can we generate a larger key and get it in dns? +KeyFile <%= @dkim_key %> + +# what selector do we use? +Selector <%= @selector %> + +# Commonly-used options; the commented-out versions show the defaults. +Canonicalization relaxed +#Mode sv +#ADSPDiscard no + +# Always oversign From (sign using actual From and a null From to prevent +# malicious signatures header fields (From and/or others) between the signer +# and the verifier. From is oversigned by default in the Debian pacakge +# because it is often the identity key used by reputation systems and thus +# somewhat security sensitive. +OversignHeaders From + +# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures +# (ATPS) (experimental) + +#ATPSDomains example.com + +RemoveOldSignatures yes + +Mode sv +BaseDirectory /var/tmp -- cgit v1.2.3 From 685642e8bfdaff16a4f02bd40b5d2aef15b68d94 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 13 Feb 2016 23:48:48 -0800 Subject: get dkim working, closes #5924 --- puppet/modules/opendkim/templates/opendkim.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/opendkim/templates/opendkim.conf') diff --git a/puppet/modules/opendkim/templates/opendkim.conf b/puppet/modules/opendkim/templates/opendkim.conf index 46ddb7a8..5a948229 100644 --- a/puppet/modules/opendkim/templates/opendkim.conf +++ b/puppet/modules/opendkim/templates/opendkim.conf @@ -18,7 +18,6 @@ SubDomains yes # can we generate a larger key and get it in dns? KeyFile <%= @dkim_key %> -# what selector do we use? Selector <%= @selector %> # Commonly-used options; the commented-out versions show the defaults. @@ -26,6 +25,8 @@ Canonicalization relaxed #Mode sv #ADSPDiscard no +SignatureAlgorithm rsa-sha256 + # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge -- cgit v1.2.3