1 # This is a basic configuration that can easily be adapted to suit a standard
2 # installation. For more advanced options, see opendkim.conf(5) and/or
3 # /usr/share/doc/opendkim/examples/opendkim.conf.sample.
5 # Socket that should be established by the filter to receive connections from MTA in order to provide service.
6 # socketspec is in one of two forms: local:path (UNIX domain socket) or inet[6]:port[@host]]
7 Socket local:/var/run/opendkim/opendkim.sock
11 # Required to use local socket with MTAs that access the socket as a non-
12 # privileged user (e.g. Postfix)
16 # Remember to add user postfix to group opendkim
19 # Map domains in From addresses to keys used to sign messages
20 KeyTable /etc/opendkim/key.table
21 SigningTable refile:/etc/opendkim/signing.table
23 # Hosts to ignore when verifying signatures
24 ExternalIgnoreList /etc/opendkim/trusted.hosts
25 InternalHosts /etc/opendkim/trusted.hosts
27 # Commonly-used options; the commented-out versions show the defaults.
28 Canonicalization relaxed/simple
36 SignatureAlgorithm rsa-sha256
38 # Always oversign From (sign using actual From and a null From to prevent
39 # malicious signatures header fields (From and/or others) between the signer
40 # and the verifier. From is oversigned by default in the Debian package
41 # because it is often the identity key used by reputation systems and thus
42 # somewhat security sensitive.