## Postfix main.cf
milter_DKIM = inet:localhost:8891
milter_DMARC = inet:localhost:8893
milter_default_action = accept
milter_protocol = 6
non_smtpd_milters = $milter_DKIM
smtpd_milters = $milter_DKIM, $milter_DMARC
## OpenDKIM opendkim.conf
## http://www.opendkim.org/opendkim.conf.5.html
## If "true", results for all signatures will be reported by an added Authentication-Results header field. Otherwise, only one signature will be reported, and which one depends on the TrustSignaturesFrom setting or, in its absence, which one(s) passed first or, if none passed, which one was found first during message processing.
AddAllSignatureResults yes
#ADSPDiscard yes
ADSPNoSuchDomain yes
AllowSHA1Only no
## Add an "Authentication-Results:" header field even to unsigned messages from domains with no "signs all" policy. The reported DKIM result will be "none" in such cases. Normally unsigned mail from non-strict domains does not cause the results header field to be added.
AlwaysAddARHeader yes
## Specifies a set of header fields that should be included in all signature header lists (the "h=" tag) once more than the number of times they were actually present in the signed message. The set is empty by default. The purpose of this, and especially of listing an absent header field, is to prevent the addition of important fields between the signer and the verifier. Since the verifier would include that header field when performing verification if it had been added by an intermediary, the signed message and the verified message were different and the verification would fail. Note that listing a field name here and not listing it in the SignHeaders list is likely to generate invalid signatures.
#OversignHeaders From
## Specifies the set of header fields that should be included when generating signatures. If the list omits any header field that is mandated by the DKIM specification, those fields are implicitly added. By default, those fields listed in the DKIM specification as "SHOULD" be signed (RFC6376, Section 5.4) will be signed by the filter. See the OmitHeaders configuration option for more information about the format and interpretation of this field.
#SignHeaders
## Suppresses removal of Authentication-Results header fields containing DKIM results apparently added by this filter (usually the result of a misconfiguration or a forgery).
#KeepAuthResults
## Sets the "authserv-id" to use when generating the Authentication-Results: header field after verifying a message. The default is to use the name of the MTA processing the message. If the string "HOSTNAME" is provided, the name of the host running the filter (as returned by the gethostname(3) function) will be used.
# AuthservID
## If true, when a policy evaluation fails and the signing site advertises a reporting address (i.e. r=user in its policy record) and a request for reports of such failures, the filter will send a structured report to that address containing details of the incident.
SendADSPReports yes
## When signing, includes a request for signature evaluation failures in the signature. (See draft-ietf-marf-dkim-reporting for details.)
RequestReports yes
## Specifies the string to use in the From: header field for outgoing reports (see SendReports and SendADSPReports below). If not specified, the executing user and local hostname will be used to construct the address.
ReportAddress noreply-dkim-support@example.es
## Specifies address(es) to include in a Bcc: header field on outgoing reports (see SendReports and SendADSPReports below). If multiple addresses are required, they should be comma separated.
ReportBccAddress admin@example.es
## Specifies the path to an executable to be used for sending mail such as that generated by SendADSPReports and SendReports. The default is @SENDMAIL_PATH@. The executable should accept typical sendmail(8) command line options "-t" (take addresses from message body) and "-f" (set envelope sender), accept the new message on its standard input, and return a non-zero exit status on any error.
MTACommand ReportCommand /usr/sbin/sendmail -t -F 'DKIM Postmaster'
AutoRestart yes
AutoRestartRate 10/1h
BaseDirectory /var/run/opendkim
Canonicalization relaxed/simple
# add all your domains here and separate them with commas
Domain cv-coach.com,ofertamus.es,ofertamus.com,example.es,example.com
ExternalIgnoreList /etc/dkim/trusted-hosts
InternalHosts /etc/dkim/trusted-hosts
KeyTable refile:/etc/dkim/KeyTable
SigningTable refile:/etc/dkim/SigningTable
LocalADSP /etc/dkim/local-adsp-rules
SubDomains true
Mode sv
#MTA MSA
MTA host.example.es #mail.example.es
#On-Default reject
On-Default accept
#On-BadSignature reject
On-BadSignature accept
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security discard
On-Security tempfail
PidFile /var/run/opendkim/opendkim.pid
QueryCache yes
#RemoveOldSignatures yes
RemoveOldSignatures no
Selector default
## RFC 8301 requires signers to use rsa-sha256; rsa-sha1 must not be used for signing or verifying.
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
#Socket local:/run/opendkim/socket
#Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock
Syslog yes
LogWhy yes
SyslogSuccess yes
TemporaryDirectory /var/tmp
#UMask 022
UMask 002
UserID opendkim:opendkim
## Causes opendkim to add a "DKIM-Filter" header field indicating the presence of this filter in the path of the message from injection to delivery.
SoftwareHeader no
## Specifies whether or not the filter should generate report mail back
## to senders when verification fails and an address for such a purpose
## is provided. See opendkim.conf(5) for details.
SendReports yes
## ReportAddress addr
## default (executing user)@(hostname)
##
## Specifies the sending address to be used on From: headers of outgoing
## failure reports. By default, the e-mail address of the user executing
## the filter is used.
# ReportAddress "DKIM Error Postmaster" <postmaster@example.com>
## ReportBccAddress addr
## default (none)
##
## Specifies additional recipient address(es) to receive outgoing failure
## reports.
ReportBccAddress pau@example.es, admin@example.es
## On-DNSError (string)
## Selects the action to be taken when a transient DNS error is encountered.
## Possible values are the same as those for On-BadSignature. The default is tempfail.
#On-DNSError accept
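
The OversignHeaders comment above says that listing a field in "h=" once more than it occurs makes a later-added copy break verification. The following is an added example, not part of the original gist or of OpenDKIM: a simplified Python model of the RFC 6376 header selection step only (it omits the body hash and the DKIM-Signature field itself), using constructed sample headers and hypothetical function names.

```python
import hashlib

def relaxed(name, value):
    # RFC 6376 section 3.4.2 "relaxed" header canonicalization (unfolded input):
    # lowercase the name, collapse whitespace runs, trim the value.
    return f"{name.strip().lower()}:{' '.join(value.split())}\r\n"

def header_hash_input(headers, h_tag):
    """Select the header fields that feed the signature hash.

    headers: (name, value) pairs in message order, top to bottom.
    h_tag:   field names from the signature's h= tag, in order.
    Each name consumes the bottom-most unused instance; a name with no
    instance left contributes the null string (RFC 6376 section 5.4.2).
    """
    remaining = list(headers)
    picked = []
    for wanted in h_tag:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted.lower():
                picked.append(relaxed(*remaining.pop(i)))
                break
    return "".join(picked)

def header_digest(headers, h_tag):
    return hashlib.sha256(header_hash_input(headers, h_tag).encode()).hexdigest()

# Constructed sample: the message as signed, and the same message after an
# intermediary has prepended a second From: field.
SIGNED = [("From", "Alice <alice@example.com>"), ("Subject", "Invoice")]
RECEIVED = [("From", "Other Sender <other@example.net>")] + SIGNED

def addition_detected(h_tag):
    # True when the verifier's hash input differs from the signer's.
    return header_digest(SIGNED, h_tag) != header_digest(RECEIVED, h_tag)

if __name__ == "__main__":
    # Without oversigning the added From: is never hashed, so it goes unnoticed.
    print("h=from:subject      ->", addition_detected(["From", "Subject"]))
    # With "OversignHeaders From" the extra h= entry picks up the added field.
    print("h=from:from:subject ->", addition_detected(["From", "From", "Subject"]))
```
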