blob: 5a948229196332c0cef110394db857286975a69a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
# Log to syslog
Syslog yes
SyslogSuccess yes
LogWhy no
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
Domain <%= @domain %>
SubDomains yes
# set internal hosts to all the known hosts, like mydomains?
# can we generate a larger key and get it in dns?
KeyFile <%= @dkim_key %>
Selector <%= @selector %>
# Commonly-used options; the commented-out versions show the defaults.
Canonicalization relaxed
#Mode sv
#ADSPDiscard no
SignatureAlgorithm rsa-sha256
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)
#ATPSDomains example.com
RemoveOldSignatures yes
Mode sv
BaseDirectory /var/tmp
|