88 lines
3.2 KiB
Django/Jinja
88 lines
3.2 KiB
Django/Jinja
## BASIC OPENDKIM CONFIGURATION FILE
|
|
## See opendkim.conf(5) or %{_pkgdocdir}/opendkim.conf.sample for more
|
|
|
|
## BEFORE running OpenDKIM you must:
|
|
|
|
## - make your MTA (Postfix, Sendmail, etc.) aware of OpenDKIM
|
|
## - generate keys for your domain (if signing)
|
|
## - edit your DNS records to publish your public keys (if signing)
|
|
|
|
## See %{_pkgdocdir}/INSTALL for detailed instructions.
|
|
|
|
## CONFIGURATION OPTIONS
|
|
|
|
AutoRestart Yes
|
|
AutoRestartRate 10/1h
|
|
|
|
# Specifies the path to the process ID file.
|
|
PidFile /var/run/opendkim/opendkim.pid
|
|
|
|
# Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
|
|
# Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
|
|
# messages.
|
|
Mode sv
|
|
|
|
# Log activity to the system log.
|
|
Syslog yes
|
|
|
|
# Log additional entries indicating successful signing or verification of messages.
|
|
SyslogSuccess yes
|
|
|
|
# If logging is enabled, include detailed logging about why or why not a message was
|
|
# signed or verified. This causes an increase in the amount of log data generated
|
|
# for each message, so set this to No (or comment it out) if it gets too noisy.
|
|
LogWhy yes
|
|
|
|
# Attempt to become the specified user before starting operations.
|
|
UserID opendkim:opendkim
|
|
|
|
# Create a socket through which your MTA can communicate.
|
|
Socket inet:8891@localhost
|
|
|
|
# Required to use local socket with MTAs that access the socket as a non-
|
|
# privileged user (e.g. Postfix)
|
|
Umask 022
|
|
|
|
# This specifies a text file in which to store DKIM transaction statistics.
|
|
# OpenDKIM must be manually compiled with --enable-stats to enable this feature.
|
|
#Statistics /var/spool/opendkim/stats.dat
|
|
|
|
## SIGNING OPTIONS
|
|
|
|
# Selects the canonicalization method(s) to be used when signing messages.
|
|
Canonicalization relaxed/simple
|
|
|
|
# Domain(s) whose mail should be signed by this filter. Mail from other domains will
|
|
# be verified rather than being signed. Uncomment and use your domain name.
|
|
# This parameter is not required if a SigningTable is in use.
|
|
#Domain example.com
|
|
|
|
# Defines the name of the selector to be used when signing messages.
|
|
Selector default
|
|
|
|
# Specifies the minimum number of key bits for acceptable keys and signatures.
|
|
MinimumKeyBits 1024
|
|
|
|
# Gives the location of a private key to be used for signing ALL messages. This
|
|
# directive is ignored if KeyTable is enabled.
|
|
#KeyFile /etc/opendkim/keys/default.private
|
|
|
|
# Gives the location of a file mapping key names to signing keys. In simple terms,
|
|
# this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
|
|
# directive in the configuration file. Requires SigningTable be enabled.
|
|
KeyTable refile:/etc/opendkim/KeyTable
|
|
|
|
# Defines a table used to select one or more signatures to apply to a message based
|
|
# on the address found in the From: header field. In simple terms, this tells
|
|
# OpenDKIM how to use your keys. Requires KeyTable be enabled.
|
|
SigningTable refile:/etc/opendkim/SigningTable
|
|
|
|
# Identifies a set of "external" hosts that may send mail through the server as one
|
|
# of the signing domains without credentials as such.
|
|
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
|
|
|
|
# Identifies a set "internal" hosts whose mail should be signed rather than verified.
|
|
InternalHosts refile:/etc/opendkim/TrustedHosts
|
|
|
|
SignatureAlgorithm rsa-sha256
|
|
|