# Disable log to syslog because we want to log in stdout.
Syslog                true

# Log via calls to syslog(3) additional entries indicating successful signing or verification of messages.
SyslogSuccess         true

# If logging is enabled (see Syslog below), issues very detailed logging about the
# logic behind the filter’s decision to either sign a message or verify it.
LogWhy                true

# Specifies the path to a file that should be created at process start containing the process ID.
PidFile               /var/run/opendkim/opendkim.pid

# Attempts to become the specified userid before starting operations. The value is of the form userid[:group].
UserID                {{ .Env.OPENDKIM_USERID }}

# Specifies the socket that should be established by the filter to receive connections.
Socket                {{ .Env.OPENDKIM_SOCKET }}

# A set of domains whose mail should be signed by this filter.
Domain                {{ .Env.OPENDKIM_DOMAIN }}

# Gives the location of a PEM-formatted private key to be used for signing all messages. Ignored if a KeyTable is defined.
KeyFile               /var/opendkim/dkim.private

# Defines the name of the selector to be used when signing messages.
Selector              {{ .Env.OPENDKIM_SELECTOR }}

# Selects the canonicalization method(s) to be used when signing messages.
Canonicalization      {{ .Env.OPENDKIM_CANONICALIZATION }}

# Selects operating modes. The string is a concatenation of characters
# that indicate which mode(s) of operation are desired. Valid modes are s (signer) and v (verifier).
Mode                  {{ .Env.OPENDKIM_MODE }}

# Sign subdomains of those listed by the Domain parameter as well as the actual domains.
SubDomains            {{ .Env.OPENDKIM_SUBDOMAINS }}

# Specifies a set of header fields that should be included in all signature header lists (the "h=" tag) 
# once more than the number of times they were actually present in the signed message.
OversignHeaders       {{ .Env.OPENDKIM_OVERSIGNHEADERS }}

# Specifies a file from which trust anchor data should be read when doing DNS queries and applying the DNSSEC protocol.
TrustAnchorFile       {{ .Env.OPENDKIM_TRUSTANCHORFILE }}

# Identifies a set internal hosts whose mail should be signed rather than verified.
InternalHosts {{ .Env.OPENDKIM_INTERNALHOSTS }}