# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog                  yes
SyslogSuccess           yes
LogWhy                  no
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask                   002

Domain                  <%= @domain %>
SubDomains              yes

# set internal hosts to all the known hosts, like mydomains?

# can we generate a larger key and get it in dns?
KeyFile                 <%= @dkim_key %>

Selector                <%= @selector %>

# Commonly-used options; the commented-out versions show the defaults.
Canonicalization        relaxed
#Mode                   sv
#ADSPDiscard            no

SignatureAlgorithm      rsa-sha256

# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders         From

# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)

#ATPSDomains            example.com

RemoveOldSignatures     yes

Mode                    sv
BaseDirectory           /var/tmp