lostakj/opendkim-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3d166860179a3ae3ec215b58e33d90b0ffa37ec8
opendkim-docker/README.md
Jan Lošťák 3d16686017 Initial commit
2026-03-27 04:16:00 +01:00

58 lines
2.2 KiB
Markdown
Raw Blame History

# Building the image
```sh
docker build --rm -t opendkim:latest .
```
# Generating private key
Before running the private key must be generated using opendkim-keygen or supplied.
```sh
# Generate private key.
opendkim-genkey --bits=2048 --selector=dkim --restrict --verbose
# Getting publickey for DNS record.
cat dkim.txt | tr -d "\"\n\" \t" | sed -r "s/.*\((.*)\).*/\\1\n/"
```
# Running the image
```sh
docker run -it --rm --name opendkim -p 8892:8892 -v /path/dkim.private:/opt/opendkim/keys/dkim.private opendkim:latest
```
# Environment variables
These values are default and can be overriden by declaring environment variable with naother value.
```sh
# Attempts to become the specified userid before starting operations. The value is of the form userid[:group].
OPENDKIM_USERID="opendkim"
# Specifies the socket that should be established by the filter to receive connections.
OPENDKIM_SOCKET="inet:8892@0.0.0.0"
# A set of domains whose mail should be signed by this filter.
OPENDKIM_DOMAIN="*"
# Gives the location of a PEM-formatted private key to be used for signing all messages. Ignored if a KeyTable is defined.
OPENDKIM_KEYFILE="/opt/opendkim/keys/dkim.private"
# Defines the name of the selector to be used when signing messages.
OPENDKIM_SELECTOR="dkim"
# Selects the canonicalization method(s) to be used when signing messages.
OPENDKIM_CANONICALIZATION="relaxed/simple"
# Selects operating modes. The string is a concatenation of characters
# that indicate which mode(s) of operation are desired. Valid modes are s (signer) and v (verifier).
OPENDKIM_MODE="sv"
# Sign subdomains of those listed by the Domain parameter as well as the actual domains.
OPENDKIM_SUBDOMAINS="true"
# Specifies a set of header fields that should be included in all signature header lists (the "h=" tag)
# once more than the number of times they were actually present in the signed message.
OPENDKIM_OVERSIGNHEADERS="From"
# Specifies a file from which trust anchor data should be read when doing DNS queries and applying the DNSSEC protocol.
OPENDKIM_TRUSTANCHORFILE="/usr/share/dns/root.key"
# Identifies a set internal hosts whose mail should be signed rather than verified.
OPENDKIM_INTERNALHOSTS="127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8"
```
Reference in New Issue View Git Blame Copy Permalink