@sibok
Created April 3, 2014 09:36
## Postfix main.cf
milter_DKIM = inet:localhost:8891
milter_DMARC = inet:localhost:8893
milter_default_action = accept
milter_protocol = 6
non_smtpd_milters = $milter_DKIM
smtpd_milters = $milter_DKIM, $milter_DMARC
## OpenDKIM opendkim.conf
## http://www.opendkim.org/opendkim.conf.5.html
## If "true", results for all signatures will be reported by an added Authentication-Results header field. Otherwise, only one signature will be reported, and which one depends on the TrustSignaturesFrom setting or, in its absence, which one(s) passed first or, if none passed, which one was found first during message processing.
AddAllSignatureResults yes
#ADSPDiscard yes
ADSPNoSuchDomain yes
AllowSHA1Only no
## Add an "Authentication-Results:" header field even to unsigned messages from domains with no "signs all" policy. The reported DKIM result will be "none" in such cases. Normally unsigned mail from non-strict domains does not cause the results header field to be added.
AlwaysAddARHeader yes
## Specifies a set of header fields that should be included in all signature header lists (the "h=" tag) once more than the number of times they were actually present in the signed message. The set is empty by default. The purpose of this, and especially of listing an absent header field, is to prevent the addition of important fields between the signer and the verifier. Since the verifier would include that header field when performing verification if it had been added by an intermediary, the signed message and the verified message were different and the verification would fail. Note that listing a field name here and not listing it in the SignHeaders list is likely to generate invalid signatures.
#OversignHeaders From
## Specifies the set of header fields that should be included when generating signatures. If the list omits any header field that is mandated by the DKIM specification, those fields are implicitly added. By default, those fields listed in the DKIM specification as "SHOULD" be signed (RFC6376, Section 5.4) will be signed by the filter. See the OmitHeaders configuration option for more information about the format and interpretation of this field.
#SignHeaders
## Suppresses removal of Authentication-Results header fields containing DKIM results apparently added by this filter (usually the result of a misconfiguration or a forgery).
#KeepAuthResults
## Sets the "authserv-id" to use when generating the Authentication-Results: header field after verifying a message. The default is to use the name of the MTA processing the message. If the string "HOSTNAME" is provided, the name of the host running the filter (as returned by the gethostname(3) function) will be used.
# AuthservID
## If true, when a policy evaluation fails and the signing site advertises a reporting address (i.e. r=user in its policy record) and a request for reports of such failures, the filter will send a structured report to that address containing details of the incident.
SendADSPReports yes
## When signing, includes a request for signature evaluation failures in the signature. (See draft-ietf-marf-dkim-reporting for details.)
RequestReports yes
## Specifies the string to use in the From: header field for outgoing reports (see SendReports and SendADSPReports below). If not specified, the executing user and local hostname will be used to construct the address.
ReportAddress noreply-dkim-support@example.es
## Specifies address(es) to include in a Bcc: header field on outgoing reports (see SendReports and SendADSPReports below). If multiple addresses are required, they should be comma separated.
ReportBccAddress admin@example.es
## Specifies the path to an executable to be used for sending mail such as that generated by SendADSPReports and SendReports. The default is @SENDMAIL_PATH@. The executable should accept typical sendmail(8) command line options "-t" (take addresses from message body) and "-f" (set envelope sender), accept the new message on its standard input, and return a non-zero exit status on any error.
MTACommand ReportCommand /usr/sbin/sendmail -t -F 'DKIM Postmaster'
AutoRestart yes
AutoRestartRate 10/1h
BaseDirectory /var/run/opendkim
Canonicalization relaxed/simple
# add all your domains here and separate them with commas
Domain cv-coach.com,ofertamus.es,ofertamus.com,example.es,example.com
ExternalIgnoreList /etc/dkim/trusted-hosts
InternalHosts /etc/dkim/trusted-hosts
KeyTable refile:/etc/dkim/KeyTable
SigningTable refile:/etc/dkim/SigningTable
LocalADSP /etc/dkim/local-adsp-rules
SubDomains true
Mode sv
#MTA MSA
MTA host.example.es #mail.example.es
#On-Default reject
On-Default accept
#On-BadSignature reject
On-BadSignature accept
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security discard
On-Security tempfail
PidFile /var/run/opendkim/opendkim.pid
QueryCache yes
#RemoveOldSignatures yes
RemoveOldSignatures no
Selector default
SignatureAlgorithm rsa-sha1
Socket inet:8891@localhost
#Socket local:/run/opendkim/socket
#Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock
Syslog yes
LogWhy yes
SyslogSuccess yes
TemporaryDirectory /var/tmp
#UMask 022
UMask 002
UserID opendkim:opendkim
# Causes opendkim to add a "DKIM-Filter" header field indicating the presence of this filter in the path of the message from injection to delivery.
SoftwareHeader no
## Specifies whether or not the filter should generate report mail back
## to senders when verification fails and an address for such a purpose
## is provided. See opendkim.conf(5) for details.
SendReports yes
## ReportAddress addr
## default (executing user)@(hostname)
##
## Specifies the sending address to be used on From: headers of outgoing
## failure reports. By default, the e-mail address of the user executing
## the filter is used.
# ReportAddress "DKIM Error Postmaster" <postmaster@example.com>
## ReportBccAddress addr
## default (none)
##
## Specifies additional recipient address(es) to receive outgoing failure
## reports.
ReportBccAddress pau@example.es, admin@example.es
## On-DNSError (string)
## Selects the action to be taken when a transient DNS error is encountered.
## Possible values are the same as those for On-BadSignature. The default is tempfail.
#On-DNSError accept
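
A small audit of an opendkim.conf like the one above, as an added example that is not part of the original gist. It flags directives set more than once with different values, signing with rsa-sha1, and a missing From entry in OversignHeaders. The function names and the sample text are constructed for illustration, and the parser assumes that `#` starts a comment anywhere on a line and that directive names are case-insensitive.

```python
import re
from collections import defaultdict

# Constructed sample: a few directives copied from the configuration above.
SAMPLE_CONF = """\
## OpenDKIM opendkim.conf
#OversignHeaders From
MTA host.example.es #mail.example.es
On-BadSignature accept
On-Security discard
On-Security tempfail
SignatureAlgorithm rsa-sha1
ReportBccAddress admin@example.es
ReportBccAddress pau@example.es, admin@example.es
"""


def parse_directives(text):
    """Return {lowercased name: [(line_no, value), ...]} for active lines.

    Assumption: '#' begins a comment anywhere on a line.
    """
    directives = defaultdict(list)
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            directives[parts[0].lower()].append((line_no, value))
    return directives


def audit(text):
    """Return a list of findings for the three checks described above."""
    d = parse_directives(text)
    findings = []
    # A directive repeated with different values hides which one is in effect.
    for name, entries in d.items():
        if len({value for _, value in entries}) > 1:
            lines = ", ".join(str(n) for n, _ in entries)
            findings.append(f"{name}: conflicting values on lines {lines}")
    # SHA-1 signatures are weak; rsa-sha256 is the stronger algorithm.
    for line_no, value in d.get("signaturealgorithm", []):
        if value.lower() == "rsa-sha1":
            findings.append(
                f"signaturealgorithm: rsa-sha1 on line {line_no}, sign with rsa-sha256")
    # Without oversigning, a second From: can be added after signing.
    oversigned = " ".join(v for _, v in d.get("oversignheaders", [])).lower()
    if "from" not in re.split(r"[,\s]+", oversigned):
        findings.append("oversignheaders: From is not oversigned")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```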