it-infra/m-labs-intl/opendkim.conf

# This is a basic configuration for signing and verifying. It can easily be
# adapted to suit a basic installation. See opendkim.conf(5) and
# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
# documentation of available configuration parameters.

Syslog			yes
SyslogSuccess		yes
#LogWhy			no

# Common signing and verification parameters. In Debian, the "From" header is
# oversigned, because it is often the identity key used by reputation systems
# and thus somewhat security sensitive.
Canonicalization	relaxed/simple
#Mode			sv
#SubDomains		no
OversignHeaders		From

# Signing domain, selector, and key (required). For example, perform signing
# for domain "example.com" with selector "2020" (2020._domainkey.example.com),
# using the private key stored in /etc/dkimkeys/example.private. More granular
# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
#Domain			example.com
#Selector		2020
#KeyFile		/etc/dkimkeys/example.private

# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
# using a local socket with MTAs that access the socket as a non-privileged
# user (for example, Postfix). You may need to add user "postfix" to group
# "opendkim" in that case.
UserID			opendkim
UMask			007

# Socket for the MTA connection (required). If the MTA is inside a chroot jail,
# it must be ensured that the socket is accessible. In Debian, Postfix runs in
# a chroot in /var/spool/postfix, therefore a Unix socket would have to be
# configured as shown on the last line below.
Socket			local:/run/opendkim/opendkim.sock
#Socket			inet:8891@localhost
#Socket			inet:8891
#Socket			local:/var/spool/postfix/opendkim/opendkim.sock

PidFile			/run/opendkim/opendkim.pid

# Hosts for which to sign rather than verify, default is 127.0.0.1. See the
# OPERATION section of opendkim(8) for more information.
#InternalHosts		192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12

# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided
# by the package dns-root-data.
TrustAnchorFile		/usr/share/dns/root.key
#Nameservers		127.0.0.1


Domain                  m-labs-intl.com
KeyFile                 /etc/postfix/dkim.key
Selector                mail
SOCKET                  inet:8891@localhost
Postfix instead of nginx streams Signed-off-by: Egor Savkin <es@m-labs.hk> 2024-08-01 16:34:12 +08:00			`# This is a basic configuration for signing and verifying. It can easily be`
			`# adapted to suit a basic installation. See opendkim.conf(5) and`
			`# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete`
			`# documentation of available configuration parameters.`

			`Syslog yes`
			`SyslogSuccess yes`
			`#LogWhy no`

			`# Common signing and verification parameters. In Debian, the "From" header is`
			`# oversigned, because it is often the identity key used by reputation systems`
			`# and thus somewhat security sensitive.`
			`Canonicalization relaxed/simple`
			`#Mode sv`
			`#SubDomains no`
			`OversignHeaders From`

			`# Signing domain, selector, and key (required). For example, perform signing`
			`# for domain "example.com" with selector "2020" (2020._domainkey.example.com),`
			`# using the private key stored in /etc/dkimkeys/example.private. More granular`
			`# setup options can be found in /usr/share/doc/opendkim/README.opendkim.`
			`#Domain example.com`
			`#Selector 2020`
			`#KeyFile /etc/dkimkeys/example.private`

			`# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when`
			`# using a local socket with MTAs that access the socket as a non-privileged`
			`# user (for example, Postfix). You may need to add user "postfix" to group`
			`# "opendkim" in that case.`
			`UserID opendkim`
			`UMask 007`

			`# Socket for the MTA connection (required). If the MTA is inside a chroot jail,`
			`# it must be ensured that the socket is accessible. In Debian, Postfix runs in`
			`# a chroot in /var/spool/postfix, therefore a Unix socket would have to be`
			`# configured as shown on the last line below.`
			`Socket local:/run/opendkim/opendkim.sock`
			`#Socket inet:8891@localhost`
			`#Socket inet:8891`
			`#Socket local:/var/spool/postfix/opendkim/opendkim.sock`

			`PidFile /run/opendkim/opendkim.pid`

			`# Hosts for which to sign rather than verify, default is 127.0.0.1. See the`
			`# OPERATION section of opendkim(8) for more information.`
			`#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12`

			`# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided`
			`# by the package dns-root-data.`
			`TrustAnchorFile /usr/share/dns/root.key`
			`#Nameservers 127.0.0.1`


			`Domain m-labs-intl.com`
			`KeyFile /etc/postfix/dkim.key`
			`Selector mail`
			`SOCKET inet:8891@localhost`