summaryrefslogtreecommitdiff
path: root/puppet/modules/opendkim/templates/opendkim.conf
blob: 46ddb7a87f5d751b8c9c2feb1b02b7d6c8409817 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog                  yes
SyslogSuccess           yes
LogWhy                  no
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask                   002

Domain                  <%= @domain %>
SubDomains              yes

# set internal hosts to all the known hosts, like mydomains?

# can we generate a larger key and get it in dns?
KeyFile                 <%= @dkim_key %>

# what selector do we use?
Selector                <%= @selector %>

# Commonly-used options; the commented-out versions show the defaults.
Canonicalization        relaxed
#Mode                   sv
#ADSPDiscard            no

# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders         From

# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)

#ATPSDomains            example.com

RemoveOldSignatures     yes

Mode                    sv
BaseDirectory           /var/tmp