# Additional options for the Domain Key Milter
# see dkim-filter(8) for more information.

# where to listen
SOCKETSPEC="inet:8026@localhost"

# comma seperated list of domain names to sign mail for.
# add -D to DKIM_FILTER_OPTS if you want to sign subdomains as well
# read dkim-filter(8).  optional if only verifying
DOMAIN="example.com"

# usually the hostname of the signing server but no hard rules
# optional if only verifying
SELECTOR="domainkey"

# path to keyfile.  optional if only verifying
KEYPATH="/etc/mail/dkim-filter/$SELECTOR.private"

# system account for dkim-milter
DKIM_USER="milter"

# simple/simple or relaxed/simple
# optional if only verifying
CANON="relaxed/simple"

# openssl >= 0.9.8 needed for rsa-sha256
# optional if only verifying
SIGNALG="rsa-sha1"

# 
PIDFILE="/var/run/dkim-filter/dkim-filter.pid"

# s, v or sv (sign, verify, sign and verify)
MODE="s"

# The above options will be used as:
# (not all will be used if dkim-milter is in verify only mode)
# DKIM_FILTER_OPTS="-u $USER -l -p $SOCKETSPEC -c $CANON -d $DOMAIN -k $KEYPATH -S $SIGNALG -P $PIDFILE -b $MODE -s $SELECTOR"