# {{ ansible_managed }}

# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

Syslog          yes
LogWhy          yes
PidFile         /var/run/opendkim/opendkim.pid
Socket          local:/var/spool/postfix/opendkim/opendkim.sock
UMask           002
UserID          opendkim

# Map domains in From addresses to keys used to sign messages
KeyTable        file:/etc/opendkim/key.table
SigningTable    file:/etc/opendkim/signing.table

# Hosts to ignore when verifying signatures
ExternalIgnoreList /etc/opendkim/trusted.hosts
InternalHosts      /etc/opendkim/trusted.hosts

# Commonly-used options; the commented-out versions show the defaults.
Canonicalization    relaxed/simple
Mode            sv
SubDomains      yes
#ADSPAction     continue
AutoRestart     yes
AutoRestartRate 10/1M
Background      yes
DNSTimeout      5
SignatureAlgorithm  rsa-sha256

# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian package
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders     From