104 lines
4.1 KiB
Django/Jinja
104 lines
4.1 KiB
Django/Jinja
## CONFIGURATION OPTIONS
|
|
|
|
## Specifies the path to the process ID file.
|
|
PidFile /var/run/opendkim/opendkim.pid
|
|
|
|
## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
|
|
## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
|
|
## messages.
|
|
Mode {{ postfix_dkim_mode }}
|
|
|
|
{% if "s" in postfix_dkim_mode %}
|
|
## SubDomains { yes | no }
|
|
## default "no"
|
|
##
|
|
## Sign for subdomains as well?
|
|
|
|
SubDomains {{ postfix_dkim_sign_subdomains }}
|
|
{% endif %}
|
|
|
|
## Log activity to the system log.
|
|
Syslog {{ postfix_dkim_syslog }}
|
|
|
|
## Log additional entries indicating successful signing or verification of messages.
|
|
SyslogSuccess {{ postfix_dkim_syslog_success }}
|
|
|
|
## If logging is enabled, include detailed logging about why or why not a message was
|
|
## signed or verified. This causes an increase in the amount of log data generated
|
|
## for each message, so set this to No (or comment it out) if it gets too noisy.
|
|
LogWhy {{ postfix_dkim_logwhy }}
|
|
|
|
## Attempt to become the specified user before starting operations.
|
|
UserID {{ postfix_dkim_user }}:{{ postfix_dkim_group }}
|
|
|
|
## Create a socket through which your MTA can communicate.
|
|
Socket {{ postfix_dkim_socket }}
|
|
|
|
## Required to use local socket with MTAs that access the socket as a non-
|
|
## privileged user (e.g. Postfix)
|
|
Umask 002
|
|
|
|
## This specifies a text file in which to store DKIM transaction statistics.
|
|
## OpenDKIM must be manually compiled with --enable-stats to enable this feature.
|
|
# Statistics /var/spool/opendkim/stats.dat
|
|
|
|
{% if "v" in postfix_dkim_mode %}
|
|
## Specifies whether or not the filter should generate report mail back
|
|
## to senders when verification fails and an address for such a purpose
|
|
## is provided. See opendkim.conf(5) for details.
|
|
SendReports {{ postfix_dkim_v_sendreports }}
|
|
|
|
{% endif %}
|
|
{% if postfix_dkim_reportaddress != '' %}
|
|
## Specifies the sending address to be used on From: headers of outgoing
|
|
## failure reports. By default, the e-mail address of the user executing
|
|
## the filter is used (executing_user@hostname).
|
|
# ReportAddress {{ postfix_dkim_reportaddress }}
|
|
{% endif %}
|
|
|
|
## Add a DKIM-Filter header field to messages passing through this filter
|
|
## to identify messages it has processed.
|
|
SoftwareHeader yes
|
|
|
|
{% if "s" in postfix_dkim_mode %}
|
|
## SIGNING OPTIONS
|
|
|
|
## Selects the canonicalization method(s) to be used when signing messages.
|
|
Canonicalization {{ postfix_dkim_canonicalization }}
|
|
|
|
## Specifies the minimum number of key bits for acceptable keys and signatures.
|
|
MinimumKeyBits {{ postfix_dkim_minkeybits }}
|
|
|
|
## Gives the location of a file mapping key names to signing keys. In simple terms,
|
|
## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
|
|
## directive in the configuration file. Requires SigningTable be enabled.
|
|
KeyTable /etc/opendkim/keytable
|
|
|
|
## Defines a table used to select one or more signatures to apply to a message based
|
|
## on the address found in the From: header field. In simple terms, this tells
|
|
## OpenDKIM how to use your keys. Requires KeyTable be enabled.
|
|
SigningTable refile:/etc/opendkim/signingtable
|
|
|
|
{% if postfix_dkim_trusted_hosts_enabled %}
|
|
## Identifies a set of "external" hosts that may send mail through the server as one
|
|
## of the signing domains without credentials as such.
|
|
# ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
|
|
|
|
## Identifies a set "internal" hosts whose mail should be signed rather than verified.
|
|
InternalHosts refile:/etc/opendkim/TrustedHosts
|
|
{% endif %}
|
|
|
|
## Always oversign From (sign using actual From and a null From to prevent
|
|
## malicious signatures header fields (From and/or others) between the signer
|
|
## and the verifier. From is oversigned by default in the Fedora package
|
|
## because it is often the identity key used by reputation systems and thus
|
|
## somewhat security sensitive.
|
|
OversignHeaders From
|
|
{% endif %}
|
|
|
|
## Instructs the DKIM library to maintain its own local cache of keys and
|
|
## policies retrieved from DNS, rather than relying on the nameserver for
|
|
## caching service. Useful if the nameserver being used by the filter is
|
|
## not local.
|
|
# QueryCache yes
|