# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog			yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask			002
# OpenDKIM user
# Remember to add user postfix to group opendkim
UserID			opendkim

# Map domains in From addresses to keys used to sign messages
KeyTable		/etc/opendkim/key.table
SigningTable		refile:/etc/opendkim/signing.table

# Hosts to ignore when verifying signatures
ExternalIgnoreList	/etc/opendkim/trusted.hosts
InternalHosts		/etc/opendkim/trusted.hosts

# Commonly-used options; the commented-out versions show the defaults.
Canonicalization	relaxed/simple
Mode			sv
SubDomains		no
#ADSPAction		continue
AutoRestart		yes
AutoRestartRate		10/1M
Background		yes
DNSTimeout		5
SignatureAlgorithm	rsa-sha256

# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian package
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders		From