# Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) #UMask 002 # dkim-milter (2.5.2.dfsg-1ubuntu1) hardy: # Disable new umask option by default (not needed since Ubuntu default # uses a TCP socket instead of a Unix socket). # Attempt to become the specified userid before starting operations. #UserID 105 # 'id postfix' in your shell # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (e.g. 2007._domainkey.example.com) Domain example.com KeyFile /etc/mail/dkim.key # See bellow how to generate and set up the key Selector mail # Common settings. See dkim-filter.conf(5) for more information. AutoRestart yes Background yes Canonicalization relaxed/relaxed DNSTimeout 5 Mode sv SignatureAlgorithm rsa-sha256 SubDomains no #UseASPDiscard no #Version rfc4871 X-Header no #InternalHosts /etc/mail/dkim-InternalHosts.txt # The contents of /etc/mail/dkim-InternalHosts.txt should be # 127.0.0.1/8 # 192.168.1.0/24 # other.internal.host.domain.tld # You need InternalHosts if you are signing e-mails on a gateway mail server # for each of the computers on your LAN. ############################################### # Other (less-standard) configuration options # ############################################### # # If enabled, log verification stats here Statistics /var/log/dkim-filter/dkim-stats # # KeyList is a file containing tuples of key information. Requires # KeyFile to be unset. Each line of the file should be of the format: # sender glob:signing domain:signing key file # Blank lines and lines beginning with # are ignored. Selector will be # derived from the key's filename. #KeyList /etc/dkim-keys.conf # # If enabled, will generate verification failure reports for any messages # that fail signature verification. These will be sent to the r= address # in the policy record, if any. #ReportInfo yes # # If enabled, will issue a Sendmail QUARANTINE for any messages that fail # signature verification, allowing them to be inspected later. #Quarantine yes # # If enabled, will check for required headers when processing messages. # At a minimum, that means From: and Date: will be required. Messages not # containing the required headers will not be signed or verified, but will # be passed through #RequiredHeaders yes