# Building the image

```sh
docker build --rm -t opendkim:latest .
```

# Generating private key

Before running the container, the private key must be generated using `opendkim-genkey` or supplied.

```sh
# Generate private key.
opendkim-genkey --bits=2048 --selector=dkim --restrict --verbose

# Get the public key for the DNS record.
cat dkim.txt | tr -d "\"\n\" \t" | sed -r "s/.*\((.*)\).*/\\1\n/"
```

`dkim.private` is the signing key: keep it out of version control and out of the image layers, and readable only by the account the filter runs as. Only the contents of `dkim.txt` are meant to be published.

# Running the image

```sh
docker run -it --rm --name opendkim -p 8892:8892 -v /path/dkim.private:/opt/opendkim/keys/dkim.private opendkim:latest
```

`-p 8892:8892` publishes the milter port on every host interface, and the milter protocol has no authentication of its own. Restrict who can reach the port, for example by publishing it on loopback only (`-p 127.0.0.1:8892:8892`) or by attaching the container to a private network shared with the MTA. The key can be mounted read-only by appending `:ro` to the `-v` argument, provided the image's startup does not need to change the file's ownership or mode.

# Environment variables

These values are the defaults and can be overridden by declaring an environment variable with another value.

```sh
# Attempts to become the specified userid before starting operations. The value is of the form userid[:group].
OPENDKIM_USERID="opendkim"

# Specifies the socket that should be established by the filter to receive connections.
OPENDKIM_SOCKET="inet:8892@0.0.0.0"

# A set of domains whose mail should be signed by this filter.
OPENDKIM_DOMAIN="*"

# Gives the location of a PEM-formatted private key to be used for signing all messages. Ignored if a KeyTable is defined.
OPENDKIM_KEYFILE="/opt/opendkim/keys/dkim.private"

# Defines the name of the selector to be used when signing messages.
OPENDKIM_SELECTOR="dkim"

# Selects the canonicalization method(s) to be used when signing messages.
OPENDKIM_CANONICALIZATION="relaxed/simple"

# Selects operating modes. The string is a concatenation of characters
# that indicate which mode(s) of operation are desired. Valid modes are s (signer) and v (verifier).
OPENDKIM_MODE="sv"

# Sign subdomains of those listed by the Domain parameter as well as the actual domains.
OPENDKIM_SUBDOMAINS="true"

# Specifies a set of header fields that should be included in all signature header lists (the "h=" tag)
# once more than the number of times they were actually present in the signed message.
OPENDKIM_OVERSIGNHEADERS="From"

# Specifies a file from which trust anchor data should be read when doing DNS queries and applying the DNSSEC protocol.
OPENDKIM_TRUSTANCHORFILE="/usr/share/dns/root.key"

# Identifies a set of internal hosts whose mail should be signed rather than verified.
OPENDKIM_INTERNALHOSTS="127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8"
```

The defaults are permissive: with `OPENDKIM_DOMAIN="*"` and `OPENDKIM_INTERNALHOSTS` covering every private address range, mail for any sender domain arriving from any private address is signed. For production use, set both to the domains and relay addresses actually in use.