{{ ansible_header | comment }} # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. AutoRestart Yes AutoRestartRate 10/1h # Log to syslog Syslog yes SyslogSuccess Yes LogWhy Yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (e.g. 2007._domainkey.example.com) #Domain example.com #KeyFile /etc/mail/dkim.key #Selector 2007 # Commonly-used options; the commented-out versions show the defaults. Canonicalization relaxed/simple #mode sv #subdomains no # socket smtp://localhost # # ## socket socketspec # ## # ## names the socket where this filter should listen for milter connections # ## from the mta. required. should be in one of these forms: # ## # ## inet:port@address to listen on a specific interface # ## inet:port to listen on all interfaces # ## local:/path/to/socket to listen on a unix domain socket # #socket inet:8892@localhost socket inet:12301@localhost ## pidfile filename ### default (none) ### ### name of the file where the filter should write its pid before beginning ### normal operations. # pidfile /var/run/opendkim/opendkim.pid # list domains to use for rfc 6541 dkim authorized third-party signatures # (atps) (experimental) #atpsdomains example.com signaturealgorithm rsa-sha256 ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable Mode sv #SubDomains no #ADSPDiscard no # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From ## resolverconfiguration filename ## default (none) ## ## specifies a configuration file to be passed to the unbound library that ## performs dns queries applying the dnssec protocol. see the unbound ## documentation at http://unbound.net for the expected content of this file. ## the results of using this and the trustanchorfile setting at the same ## time are undefined. ## in debian, /etc/unbound/unbound.conf is shipped as part of the suggested ## unbound package # resolverconfiguration /etc/unbound/unbound.conf ## trustanchorfile filename ## default (none) ## ## specifies a file from which trust anchor data should be read when doing ## dns queries and applying the dnssec protocol. see the unbound documentation ## at http://unbound.net for the expected format of this file. trustanchorfile /usr/share/dns/root.key ## userid userid ### default (none) ### ### change to user "userid" before starting normal operation? may include ### a group id as well, separated from the userid by a colon. # userid opendkim:opendkim # Whether to decode non- UTF-8 and non-ASCII textual parts and recode # them to UTF-8 before the text is given over to rules processing. # # normalize_charset 1