# OpenDKIM Configuration On-BadSignature reject On-Security reject Syslog yes SyslogSuccess yes LogResults yes Canonicalization simple Mode sv OversignHeaders From Domain {{ domain }} Selector {{ dkim_selector }} KeyFile /etc/dkimkeys/{{ dkim_selector }}.pem UserID opendkim UMask 007 Socket local:/var/spool/postfix/opendkim/opendkim.sock PidFile /run/opendkim/opendkim.pid TemporaryDirectory /run/opendkim InternalHosts 127.0.0.1 TrustAnchorFile /usr/share/dns/root.key RequireSafeKeys True AlwaysAddARHeader True