From 291156ae4a7ef65fae14e7f5ea1fd465e9d3d018 Mon Sep 17 00:00:00 2001 From: arf20 Date: Fri, 23 Feb 2024 18:05:25 +0000 Subject: Actually use opendkim milter in postfix --- opendkim/opendkim.conf | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 opendkim/opendkim.conf (limited to 'opendkim') diff --git a/opendkim/opendkim.conf b/opendkim/opendkim.conf new file mode 100644 index 0000000..07108f8 --- /dev/null +++ b/opendkim/opendkim.conf @@ -0,0 +1,51 @@ +# This is a basic configuration for signing and verifying. It can easily be +# adapted to suit a basic installation. See opendkim.conf(5) and +# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete +# documentation of available configuration parameters. + +Syslog yes +SyslogSuccess yes +#LogWhy no + +# Common signing and verification parameters. In Debian, the "From" header is +# oversigned, because it is often the identity key used by reputation systems +# and thus somewhat security sensitive. +Canonicalization relaxed/simple +Mode sv +#SubDomains no +OversignHeaders From + +# Signing domain, selector, and key (required). For example, perform signing +# for domain "example.com" with selector "2020" (2020._domainkey.example.com), +# using the private key stored in /etc/dkimkeys/example.private. More granular +# setup options can be found in /usr/share/doc/opendkim/README.opendkim. +Domain arf20.com +Selector selector +KeyFile /etc/opendkim/keys/arf20.com/selector.private + +# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when +# using a local socket with MTAs that access the socket as a non-privileged +# user (for example, Postfix). You may need to add user "postfix" to group +# "opendkim" in that case. +UserID opendkim +UMask 007 + +# Socket for the MTA connection (required). If the MTA is inside a chroot jail, +# it must be ensured that the socket is accessible. In Debian, Postfix runs in +# a chroot in /var/spool/postfix, therefore a Unix socket would have to be +# configured as shown on the last line below. +#Socket local:/run/opendkim/opendkim.sock +#Socket inet:8891@localhost +#Socket inet:8891 +Socket local:/var/spool/postfix/opendkim/opendkim.sock + +PidFile /run/opendkim/opendkim.pid + +# Hosts for which to sign rather than verify, default is 127.0.0.1. See the +# OPERATION section of opendkim(8) for more information. +#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12 + +# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided +# by the package dns-root-data. +TrustAnchorFile /usr/share/dns/root.key +#Nameservers 127.0.0.1 -- cgit v1.2.3