1 # This is a basic configuration that can easily be adapted to suit a standard
2 # installation. For more advanced options, see opendkim.conf(5) and/or
3 # /usr/share/doc/opendkim/examples/opendkim.conf.sample.
9 UMask 000 # postfix is "other", but the dir is protected
12 # domains and keys are in table files
13 KeyTable /etc/opendkim/KeyTable
14 SigningTable /etc/opendkim/SigningTable
16 # Commonly-used options; the commented-out versions show the defaults.
17 #Canonicalization simple
22 # use both Sender and From to check for which domain to sign
23 SenderHeaders Sender,From
25 # Always oversign From (sign using actual From and a null From) to prevent
26 # malicious signatures header fields (From and/or others) between the signer
27 # and the verifier. From is oversigned by default in the Debian pacakge
28 # because it is often the identity key used by reputation systems and thus
29 # somewhat security sensitive.
34 ## Specifies a file from which trust anchor data should be read when doing
35 ## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
36 ## at http://unbound.net for the expected format of this file.
38 TrustAnchorFile /usr/share/dns/root.key
41 # Path must match postfix main.cf
42 Socket local:/var/spool/postfix/opendkim/sock
43 PidFile /var/spool/postfix/opendkim/opendkim.pid