113 lines
3.6 KiB
Django/Jinja
113 lines
3.6 KiB
Django/Jinja
{{ ansible_header | comment }}
|
|
|
|
# This is a basic configuration that can easily be adapted to suit a standard
|
|
# installation. For more advanced options, see opendkim.conf(5) and/or
|
|
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
|
|
|
|
AutoRestart Yes
|
|
AutoRestartRate 10/1h
|
|
|
|
# Log to syslog
|
|
Syslog yes
|
|
SyslogSuccess Yes
|
|
LogWhy Yes
|
|
# Required to use local socket with MTAs that access the socket as a non-
|
|
# privileged user (e.g. Postfix)
|
|
UMask 002
|
|
|
|
# Sign for example.com with key in /etc/mail/dkim.key using
|
|
# selector '2007' (e.g. 2007._domainkey.example.com)
|
|
#Domain example.com
|
|
#KeyFile /etc/mail/dkim.key
|
|
#Selector 2007
|
|
|
|
# Commonly-used options; the commented-out versions show the defaults.
|
|
Canonicalization relaxed/simple
|
|
|
|
#mode sv
|
|
#subdomains no
|
|
|
|
# socket smtp://localhost
|
|
#
|
|
# ## socket socketspec
|
|
# ##
|
|
# ## names the socket where this filter should listen for milter connections
|
|
# ## from the mta. required. should be in one of these forms:
|
|
# ##
|
|
# ## inet:port@address to listen on a specific interface
|
|
# ## inet:port to listen on all interfaces
|
|
# ## local:/path/to/socket to listen on a unix domain socket
|
|
#
|
|
#socket inet:8892@localhost
|
|
socket inet:12301@localhost
|
|
|
|
|
|
## pidfile filename
|
|
### default (none)
|
|
###
|
|
### name of the file where the filter should write its pid before beginning
|
|
### normal operations.
|
|
#
|
|
pidfile /var/run/opendkim/opendkim.pid
|
|
|
|
|
|
# list domains to use for rfc 6541 dkim authorized third-party signatures
|
|
# (atps) (experimental)
|
|
|
|
#atpsdomains example.com
|
|
|
|
signaturealgorithm rsa-sha256
|
|
|
|
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
|
|
InternalHosts refile:/etc/opendkim/TrustedHosts
|
|
KeyTable refile:/etc/opendkim/KeyTable
|
|
SigningTable refile:/etc/opendkim/SigningTable
|
|
|
|
Mode sv
|
|
#SubDomains no
|
|
#ADSPDiscard no
|
|
|
|
# Always oversign From (sign using actual From and a null From to prevent
|
|
# malicious signatures header fields (From and/or others) between the signer
|
|
# and the verifier. From is oversigned by default in the Debian pacakge
|
|
# because it is often the identity key used by reputation systems and thus
|
|
# somewhat security sensitive.
|
|
OversignHeaders From
|
|
{% if opendkim.sender_headers %}SenderHeaders List-Post,Sender,From{% endif %}
|
|
|
|
|
|
## resolverconfiguration filename
|
|
## default (none)
|
|
##
|
|
## specifies a configuration file to be passed to the unbound library that
|
|
## performs dns queries applying the dnssec protocol. see the unbound
|
|
## documentation at http://unbound.net for the expected content of this file.
|
|
## the results of using this and the trustanchorfile setting at the same
|
|
## time are undefined.
|
|
## in debian, /etc/unbound/unbound.conf is shipped as part of the suggested
|
|
## unbound package
|
|
|
|
# resolverconfiguration /etc/unbound/unbound.conf
|
|
|
|
## trustanchorfile filename
|
|
## default (none)
|
|
##
|
|
## specifies a file from which trust anchor data should be read when doing
|
|
## dns queries and applying the dnssec protocol. see the unbound documentation
|
|
## at http://unbound.net for the expected format of this file.
|
|
|
|
trustanchorfile /usr/share/dns/root.key
|
|
|
|
## userid userid
|
|
### default (none)
|
|
###
|
|
### change to user "userid" before starting normal operation? may include
|
|
### a group id as well, separated from the userid by a colon.
|
|
#
|
|
userid opendkim:opendkim
|
|
|
|
# Whether to decode non- UTF-8 and non-ASCII textual parts and recode
|
|
# them to UTF-8 before the text is given over to rules processing.
|
|
#
|
|
# normalize_charset 1
|