# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog			yes

# Access control
UMask			000 # postfix is "other", but the dir is protected
UserID			opendkim

# domains and keys are in table files
KeyTable           	/etc/opendkim/KeyTable
SigningTable       	/etc/opendkim/SigningTable

# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization	simple
#Mode			sv
#SubDomains		no
#ADSPAction            continue

# use both Sender and From to check for which domain to sign
SenderHeaders		Sender,From

# Always oversign From (sign using actual From and a null From) to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders		From

##      default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol.  See the Unbound documentation
## at http://unbound.net for the expected format of this file.

TrustAnchorFile       /usr/share/dns/root.key