authorSilvio Rhatto <rhatto@riseup.net>2015-03-08 10:40:37 -0300
committerSilvio Rhatto <rhatto@riseup.net>2015-03-08 10:40:37 -0300
commit8af0ec91d981014055de4a1b872418ac1bc460f6 (patch)
treef4fe00836e990761ae53f481ff0c691a0dc67193 /files
parent3c207f9a435963a1aa590d219527a62082749b39 (diff)
OpenDKIM support
Diffstat (limited to 'files')
-rw-r--r--files/opendkim/KeyTable3
-rw-r--r--files/opendkim/SigningTable3
-rw-r--r--files/opendkim/TrustedHosts7
-rw-r--r--files/opendkim/default11
-rw-r--r--files/opendkim/opendkim.conf55
5 files changed, 79 insertions, 0 deletions
diff --git a/files/opendkim/KeyTable b/files/opendkim/KeyTable
new file mode 100644
index 0000000..b1578e2
--- /dev/null
+++ b/files/opendkim/KeyTable
@@ -0,0 +1,3 @@
+#mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
+#mail._domainkey.example.net example.net:mail:/etc/opendkim/keys/example.net/mail.private
+#mail._domainkey.example.org example.org:mail:/etc/opendkim/keys/example.org/mail.private
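Review bot: Documentation: the file ships with only commented samples and no header explaining the columns, so an operator has to infer the format from the example rows. A first line such as `# <key name> <domain>:<selector>:<path to private key>` would make it self-describing, and a second line could say that the referenced `*.private` files must be readable only by the opendkim user. The SigningTable added in this commit has the same gap; `# <sender pattern> <key name from KeyTable>` would cover it.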
diff --git a/files/opendkim/SigningTable b/files/opendkim/SigningTable
new file mode 100644
index 0000000..abee429
--- /dev/null
+++ b/files/opendkim/SigningTable
@@ -0,0 +1,3 @@
+#*@example.com mail._domainkey.example.com
+#*@example.net mail._domainkey.example.net
+#*@example.org mail._domainkey.example.org
diff --git a/files/opendkim/TrustedHosts b/files/opendkim/TrustedHosts
new file mode 100644
index 0000000..7fa5b0c
--- /dev/null
+++ b/files/opendkim/TrustedHosts
@@ -0,0 +1,7 @@
+127.0.0.1
+localhost
+192.168.0.1/24
+
+#*.example.com
+#*.example.net
+#*.example.org
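Review bot: The active entry `192.168.0.1/24` hard-codes a private LAN range in a file the module distributes to every node. It is also written with host bits set, where `192.168.0.0/24` is presumably what was meant. opendkim.conf in this same commit points both `InternalHosts` and `ExternalIgnoreList` at this file, so every address in that /24 is treated as internal: its mail is signed with the domain key and not verified. I would ship only `127.0.0.1` and `localhost` as live entries and keep the range as a commented sample, `#192.168.0.0/24`, so that widening the trusted set is a deliberate per-site decision.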
diff --git a/files/opendkim/default b/files/opendkim/default
new file mode 100644
index 0000000..1098626
--- /dev/null
+++ b/files/opendkim/default
@@ -0,0 +1,11 @@
+# Command-line options specified here will override the contents of
+# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
+#DAEMON_OPTS=""
+#
+# Uncomment to specify an alternate socket
+# Note that setting this will override any Socket value in opendkim.conf
+#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
+#SOCKET="inet:54321" # listen on all interfaces on port 54321
+#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
+#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
+SOCKET="inet:12301@localhost"
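Review bot: The live setting `SOCKET="inet:12301@localhost"` puts the milter on a loopback TCP port that any local process on the host can connect to. The `local:` socket shown as the default a few lines up can instead be restricted by file permissions to the MTA's group. If the TCP socket was chosen on purpose (for example because the MTA runs chrooted), a one-line comment stating that would help; otherwise consider `SOCKET="local:/var/run/opendkim/opendkim.sock"`. The same value is also set as `Socket` on the last line of opendkim.conf in this commit, and per the comment in this file the value here overrides it, so the address lives in two places that can drift apart.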
diff --git a/files/opendkim/opendkim.conf b/files/opendkim/opendkim.conf
new file mode 100644
index 0000000..695156a
--- /dev/null
+++ b/files/opendkim/opendkim.conf
@@ -0,0 +1,55 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask 002
+
+# Sign for example.com with key in /etc/mail/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+#Domain example.com
+#KeyFile /etc/mail/dkim.key
+#Selector 2007
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization simple
+#Mode sv
+#SubDomains no
+#ADSPDiscard no
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
+
+# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
+# (ATPS) (experimental)
+
+#ATPSDomains example.com
+
+AutoRestart Yes
+AutoRestartRate 10/1h
+UMask 002
+Syslog yes
+SyslogSuccess Yes
+LogWhy Yes
+
+Canonicalization relaxed/simple
+
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+KeyTable refile:/etc/opendkim/KeyTable
+SigningTable refile:/etc/opendkim/SigningTable
+
+Mode sv
+PidFile /var/run/opendkim/opendkim.pid
+SignatureAlgorithm rsa-sha256
+
+UserID opendkim:opendkim
+
+Socket inet:12301@localhost
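Review bot: `UMask 002` and `Syslog yes` are each set twice in this new file, once in the stock header block near the top and again in the block that starts at `AutoRestart Yes`. The repeated lines should be dropped so each directive has a single place to edit. The comment above the first `UMask 002` explains it as needed for a local socket, but the file ends with `Socket inet:12301@localhost`, so that rationale does not match the configuration as shipped; either update the comment or remove the setting if nothing else relies on group-writable files. It would also help to add a short comment above the `ExternalIgnoreList`/`InternalHosts` pair saying that hosts in TrustedHosts get their mail signed and are exempt from verification, since that is the security-relevant effect of the shared file.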