X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/0aacb9f875a40b18dfbbc01b705b5337bf872368..a0ef97a3169e9da8b4618116075d54c49b4292b4:/roles/email/templates/opendkim.conf

diff --git a/roles/email/templates/opendkim.conf b/roles/email/templates/opendkim.conf
new file mode 100644
index 0000000..6e4d812
--- /dev/null
+++ b/roles/email/templates/opendkim.conf
@@ -0,0 +1,30 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog			yes
+
+# Access control
+UMask			000 # postfix is "other", but the dir is protected
+UserID			opendkim
+
+# domains and keys are in table files
+KeyTable           	/etc/opendkim/KeyTable
+SigningTable       	/etc/opendkim/SigningTable
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization	simple
+#Mode			sv
+#SubDomains		no
+#ADSPAction            continue
+
+# use both Sender and From to check for which domain to sign
+SenderHeaders		Sender,From
+
+# Always oversign From (sign using actual From and a null From) to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier.  From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders		From