{"id":356,"date":"2012-08-23T17:40:11","date_gmt":"2012-08-23T20:40:11","guid":{"rendered":"http:\/\/linuxrs.com.br\/?p=356"},"modified":"2012-08-23T17:40:11","modified_gmt":"2012-08-23T20:40:11","slug":"dkim-filter-conf","status":"publish","type":"post","link":"https:\/\/blog.clusterweb.com.br\/?p=356","title":{"rendered":"Dkim-filter.conf"},"content":{"rendered":"<h4 id=\"contenttoc0\"><strong>NAME<\/strong><\/h4>\n<pre>       <strong>dkim-filter.conf<\/strong> - Configuration file for dkim-filter<\/pre>\n<h4 id=\"contenttoc1\"><strong>LOCATION<\/strong><\/h4>\n<pre>       <span style=\"text-decoration: underline;\">\/etc\/mail\/dkim-filter.conf<\/span><\/pre>\n<h4 id=\"contenttoc2\"><strong>DESCRIPTION<\/strong><\/h4>\n<pre>       <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/dkim-filter.8.html\">dkim-filter<\/a>(8)<\/span>  implements  the  <strong>DKIM<\/strong>  specification  for  signing  and\r\n       verifying e-mail messages on a per-domain  basis.   This  file  is  its\r\n       configuration file, read on startup only.\r\n\r\n       Blank  lines  are ignored.  Lines containing a hash (\"#\") character are\r\n       truncated at the hash character to allow for comments in the file.\r\n\r\n       Other content should be the name of  a  parameter,  followed  by  white\r\n       space,  followed  by  the  value  of that parameter, each on a separate\r\n       line.\r\n\r\n       For parameters which are Boolean in nature, only the first byte of  the\r\n       value  is  processed.  For positive values, the following are accepted:\r\n       \"T\", \"t\", \"Y\", \"y\",  \"1\".   
For  negative  values,  the  following  are\r\n       accepted: \"F\", \"f\", \"N\", \"n\", \"0\".\r\n\r\n       Many,  but  not  all, of these parameters are also available as command\r\n       line options to <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/dkim-filter.8.html\">dkim-filter<\/a>(8).<\/span>  However, new parameters are  generally\r\n       not  added  as  command  line options so the complete set of options is\r\n       available here, and thus use of the configuration file  is  encouraged.\r\n       In  some  future  release, the set of available command line options is\r\n       likely to get trimmed.\r\n\r\n       See the <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/dkim-filter.8.html\">dkim-filter<\/a>(8)<\/span> man page for details  about  how  and  when  the\r\n       configuration file contents are reloaded.<\/pre>\n<h4 id=\"contenttoc3\"><strong>PARAMETERS<\/strong><\/h4>\n<pre>       <span style=\"text-decoration: underline;\">AllowSHA1Only<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Permit verify mode when only SHA1 support is available.  RFC4871\r\n              requires that verifiers implement both SHA1 and SHA256  support.\r\n              Setting  this feature changes the absence of SHA256 support from\r\n              an error to a warning.\r\n\r\n       <span style=\"text-decoration: underline;\">AlwaysAddARHeader<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Add  an  \"Authentication-Results:\"  header  even   to   unsigned\r\n              messages  from domains with no \"signs all\" policy.  The reported\r\n              DKIM result will be \"none\" in  such  cases.   
Normally  unsigned\r\n              mail  from  non-strict domains does not cause the results header\r\n              to be added.\r\n\r\n       <span style=\"text-decoration: underline;\">AlwaysSignHeaders<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Specifies a list of headers which  should  be  included  in  all\r\n              signature  header  lists  (the  \"h=\"  tag) even if they were not\r\n              present at the time the signature  was  generated.   The  string\r\n              should  be  a comma-separated list of header names.  The list is\r\n              empty by default.  The purpose of listing an absent header is to\r\n              prevent  its addition between the signer and the verifier, since\r\n              the verifier would include that header if  it  were  added  when\r\n              performing verification, which would mean the signed message and\r\n              the verified message were different and the  verification  would\r\n              fail.\r\n\r\n       <span style=\"text-decoration: underline;\">AutoRestart<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Automatically  re-start  on  failures.  Use with caution; if the\r\n              filter fails instantly after it starts, this can cause  a  tight\r\n              <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man2\/fork.2.html\">fork<\/a>(2)<\/span> loop.\r\n\r\n       <span style=\"text-decoration: underline;\">AutoRestartCount<\/span> <span style=\"text-decoration: underline;\">(integer)<\/span>\r\n              Sets  the maximum automatic restart count.  After this number of\r\n              automatic restarts, the filter will give up  and  terminate.   
A\r\n              value of 0 implies no limit; this is the default.\r\n\r\n       <span style=\"text-decoration: underline;\">AutoRestartRate<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Sets  the  maximum automatic restart rate.  If the filter begins\r\n              restarting faster than the rate defined here, it  will  give  up\r\n              and  terminate.   This is a string of the form <span style=\"text-decoration: underline;\">n\/t[u]<\/span> where <span style=\"text-decoration: underline;\">n<\/span> is\r\n              an integer limiting the count of restarts in the given  interval\r\n              and  <span style=\"text-decoration: underline;\">t[u]<\/span>  defines  the  time interval through which the rate is\r\n              calculated; <span style=\"text-decoration: underline;\">t<\/span> is  an  integer  and  <span style=\"text-decoration: underline;\">u<\/span>  defines  the  units  thus\r\n              represented (\"s\" or \"S\" for seconds, the default; \"m\" or \"M\" for\r\n              minutes; \"h\" or \"H\" for  hours;  \"d\"  or  \"D\"  for  days).   For\r\n              example,  a  value  of  \"10\/1h\" limits the restarts to 10 in one\r\n              hour.  There is no default, meaning restart rate is not limited.\r\n\r\n       <span style=\"text-decoration: underline;\">Background<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Normally  <span style=\"text-decoration: underline;\">dkim-filter<\/span>  forks  and exits immediately, leaving the\r\n              service running in the background.  
This  flag  suppresses  that\r\n              behaviour so that it runs in the foreground.\r\n\r\n       <span style=\"text-decoration: underline;\">BodyLengths<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Requests  that <span style=\"text-decoration: underline;\">dkim-filter<\/span> include the \"l=\" body length tag when\r\n              generating signatures.  This indicates to the verifier that only\r\n              a  certain  amount  of the original message was signed, allowing\r\n              tolerance of things like  mailing  list  managers  which  append\r\n              list-specific   text  to  the  end  of  mailings  it  processes.\r\n              However, this also  enables  an  abuse  attack.   See  the  DKIM\r\n              specification for more information.\r\n\r\n       <span style=\"text-decoration: underline;\">Canonicalization<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects  the  canonicalization method(s) to be used when signing\r\n              messages.  When verifying, the message\u2019s DKIM-Signature:  header\r\n              specifies  the  canonicalization  method.  
The recognized values\r\n              are <span style=\"text-decoration: underline;\">relaxed<\/span> and <span style=\"text-decoration: underline;\">simple<\/span> as defined  by  the  DKIM  specification.\r\n              The  default  is  <span style=\"text-decoration: underline;\">simple.<\/span>   The  value may include two different\r\n              canonicalizations separated by a slash (\"\/\") character, in which\r\n              case  the first will be applied to the headers and the second to\r\n              the body.\r\n\r\n       <span style=\"text-decoration: underline;\">ClockDrift<\/span> <span style=\"text-decoration: underline;\">(integer)<\/span>\r\n              Sets the tolerance in seconds to  be  applied  when  determining\r\n              whether  a  signature  was  either  expired  or generated in the\r\n              future.  The default is 300.\r\n\r\n       <span style=\"text-decoration: underline;\">Diagnostics<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Requests the inclusion of \"z=\" tags in signatures, which  encode\r\n              the  original  header  set  for use by verifiers when diagnosing\r\n              verification failures.  Not recommended for normal operation.\r\n\r\n       <span style=\"text-decoration: underline;\">DNSTimeout<\/span> <span style=\"text-decoration: underline;\">(integer)<\/span>\r\n              Sets the DNS timeout  in  seconds.   A  value  of  0  causes  an\r\n              infinite  wait.   The  default  is  5.  Ignored if not using the\r\n              asynchronous resolver  package.   See  also  the  NOTES  section\r\n              below.\r\n\r\n       <span style=\"text-decoration: underline;\">Domain<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              A comma-separated list of domains whose mail should be signed by\r\n              this filter.  
Mail from other domains will  be  verified  rather\r\n              than being signed.\r\n\r\n              The  value  of  this parameter may also be a filename from which\r\n              domain names will be read.  The \"#\" character in such a file  is\r\n              assumed  to  indicate  a comment.  An absolute path must be used\r\n              (i.e. the first character must be a \"\/\").\r\n\r\n              In either case, the  domain  name(s)  may  contain  the  special\r\n              character  \"*\" which is treated as a wildcard character matching\r\n              zero or more characters in a domain name.\r\n\r\n       <span style=\"text-decoration: underline;\">ExternalIgnoreList<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Identifies a file  of  \"external\"  hosts  which  may  send  mail\r\n              through  the  server  as  one  of  the  signing  domains without\r\n              credentials as such.  Basically suppresses  the  \"external  host\r\n              (hostname)  tried  to  send  mail  as  (domain)\"  log  messages.\r\n              Entries in the file should be of the same form as those  of  the\r\n              <span style=\"text-decoration: underline;\">PeerList<\/span> option below.  The list is empty by default.\r\n\r\n       <span style=\"text-decoration: underline;\">FixCRLF<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Requests that the DKIM library convert bare CRs and LFs to CRLFs\r\n              during body canonicalization, anticipating that an MTA somewhere\r\n              before  delivery will do that conversion anyway.  The default is\r\n              to leave them as-is.\r\n\r\n       <span style=\"text-decoration: underline;\">Include<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Names  a  file  to  be  opened  and  read   as   an   additional\r\n              configuration  file.   
Nesting  is  allowed to a maximum of five\r\n              levels.\r\n\r\n       <span style=\"text-decoration: underline;\">InternalHosts<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Identifies a file of internal hosts whose mail should be  signed\r\n              rather than verified.  Entries in this file follow the same form\r\n              as those of the <span style=\"text-decoration: underline;\">PeerList<\/span> option below.  If  not  specified,  the\r\n              default of \"127.0.0.1\" is applied.  Naturally, providing a value\r\n              here overrides the default, so if mail from 127.0.0.1 should  be\r\n              signed,  the  list  provided  here  should  include that address\r\n              explicitly.\r\n\r\n       <span style=\"text-decoration: underline;\">KeyFile<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Gives the location of a PEM-formatted private key to be used for\r\n              signing all messages.  Ignored if <span style=\"text-decoration: underline;\">KeyList<\/span> is defined.\r\n\r\n       <span style=\"text-decoration: underline;\">KeyList<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Gives  the  location  of  a  file listing rules for signing with\r\n              multiple keys.  If present, overrides any <span style=\"text-decoration: underline;\">KeyFile<\/span> setting in the\r\n              configuration file.  
The file named here should contain a set of\r\n              lines of the  form  <span style=\"text-decoration: underline;\">sender-pattern:signing-domain:keypath<\/span>  where\r\n              <span style=\"text-decoration: underline;\">sender-pattern<\/span>  is  a  pattern  to match against message senders\r\n              (with the special character \"*\" interpreted  as  \"zero  or  more\r\n              characters\"),  <span style=\"text-decoration: underline;\">signing-domain<\/span>  is  the domain to announce as the\r\n              signing domain when generating signatures, and  <span style=\"text-decoration: underline;\">keypath<\/span>  is  the\r\n              path  to  the  PEM-formatted  private key to be used for signing\r\n              messages which match the <span style=\"text-decoration: underline;\">sender-pattern.<\/span>  The selector  used  in\r\n              the  signature  will be the filename portion of <span style=\"text-decoration: underline;\">keypath.<\/span>  If the\r\n              file referenced by <span style=\"text-decoration: underline;\">keypath<\/span> cannot be opened, the filter will try\r\n              again  by appending \".pem\" and then \".private\" before giving up.\r\n\r\n       <span style=\"text-decoration: underline;\">LogWhy<\/span> <span style=\"text-decoration: underline;\">(boolean)<\/span>\r\n              If logging is enabled (see <span style=\"text-decoration: underline;\">Syslog<\/span> below), issues  very  detailed\r\n              logging  about  the logic behind the filter\u2019s decision to either\r\n              sign a message or verify it.  The logic behind the  decision  is\r\n              non-trivial  and can be confusing to administrators not familiar\r\n              with its operation.  
A description of how the decision  is  made\r\n              can be found in the OPERATIONS section of the <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/dkim-filter.8.html\">dkim-filter<\/a>(8)<\/span> man\r\n              page.  This causes a large increase in the amount  of  log  data\r\n              generated for each message, so it should be limited to debugging\r\n              use and not enabled for general operation.\r\n\r\n       <span style=\"text-decoration: underline;\">MacroList<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Defines a set of MTA-provided <span style=\"text-decoration: underline;\">macros<\/span> which should be checked  to\r\n              see  if  the  sender  has been determined to be a local user and\r\n              therefore whether or not the message should  be  signed.   If  a\r\n              <span style=\"text-decoration: underline;\">value<\/span>  is  specified,  the value of the macro must match a value\r\n              specified (matching is case-sensitive), otherwise the macro must\r\n              be  defined  but  may  contain  any  value.  The set is empty by\r\n              default.    
The   general    format    of    the    string    is\r\n              <span style=\"text-decoration: underline;\">test1[,test2[,...]]<\/span>    where   a   \"test\"   is   of   the   form\r\n              <span style=\"text-decoration: underline;\">macro[=value1[|value2[|...]]];<\/span> if one or more value  is  defined\r\n              then  the  macro  must  be  set  to  one  of  the listed values,\r\n              otherwise the macro must be set but can contain any value.\r\n\r\n       <span style=\"text-decoration: underline;\">MaximumHeaders<\/span> <span style=\"text-decoration: underline;\">(integer)<\/span>\r\n              Defines the maximum number  of  bytes  the  header  block  of  a\r\n              message  may  consume before the filter will reject the message.\r\n              This mitigates a denial-of-service  attack  in  which  a  client\r\n              connects  to  the  MTA and begins feeding an unbounded number of\r\n              header fields of arbitrary size; since the filter keeps a  cache\r\n              of  these,  the  attacker  could cause the filter to allocate an\r\n              unspecified amount of memory.  The default is 65536; a value  of\r\n              0 removes the limit.\r\n\r\n       <span style=\"text-decoration: underline;\">MaximumSignedBytes<\/span> <span style=\"text-decoration: underline;\">(integer)<\/span>\r\n              Specifies  the  maximum  number  of  bytes of message body to be\r\n              signed.  Messages shorter than this  limit  will  be  signed  in\r\n              their  entirety.   
Setting  this  value forces <span style=\"text-decoration: underline;\">BodyLengths<\/span> to be\r\n              \"True\".\r\n\r\n       <span style=\"text-decoration: underline;\">MilterDebug<\/span> <span style=\"text-decoration: underline;\">(integer)<\/span>\r\n              Sets the debug level to be requested from  the  milter  library.\r\n              The default is 0.\r\n\r\n       <span style=\"text-decoration: underline;\">Minimum<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Instructs  the  verification  code  to fail messages for which a\r\n              partial  signature  was  received.   There  are  three  possible\r\n              formats:  <span style=\"text-decoration: underline;\">min<\/span>  indicating at least <span style=\"text-decoration: underline;\">min<\/span> bytes of the message must\r\n              be signed (or if the message is smaller than <span style=\"text-decoration: underline;\">min<\/span> then all of  it\r\n              must be signed); <span style=\"text-decoration: underline;\">min%<\/span> requiring that at least <span style=\"text-decoration: underline;\">min<\/span> percent of the\r\n              received message must be signed; and <span style=\"text-decoration: underline;\">min+<\/span> meaning there  may  be\r\n              no  more than <span style=\"text-decoration: underline;\">min<\/span> bytes of unsigned data appended to the message\r\n              for it to be considered valid.\r\n\r\n       <span style=\"text-decoration: underline;\">Mode<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects operating modes.   The  string  is  a  concatenation  of\r\n              characters   which  indicate  which  mode(s)  of  operation  are\r\n              desired.  Valid modes are <span style=\"text-decoration: underline;\">s<\/span>  (signer)  and  <span style=\"text-decoration: underline;\">v<\/span>  (verifier).   
The\r\n              default  is  <span style=\"text-decoration: underline;\">sv<\/span>  except in test mode (see the <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/dkim-filter.8.html\">dkim-filter<\/a>(8)<\/span> man\r\n              page) in which case the default is <span style=\"text-decoration: underline;\">v.<\/span>\r\n\r\n       <span style=\"text-decoration: underline;\">MTA<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              A comma-separated list  of  MTA  names  (a  la  the  <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/sendmail.8.html\">sendmail<\/a>(8)<\/span>\r\n              DaemonPortOptions Name parameter) whose mail should be signed by\r\n              this filter.  There is no default.\r\n\r\n       <span style=\"text-decoration: underline;\">OmitHeaders<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Specifies a  list  of  headers  which  should  be  omitted  when\r\n              generating  signatures.   The string should be a comma-separated\r\n              list of header names.  If an entry in the list names any  header\r\n              which  is  mandated  by  the  DKIM  specification,  the entry is\r\n              ignored.  A set of headers is listed in the  DKIM  specification\r\n              as  \"SHOULD  NOT\" be signed; the default list for this parameter\r\n              contains  those  headers   (Return-Path,   Received,   Comments,\r\n              Keywords,  Bcc,  Resent-Bcc  and  DKIM-Signature).   To  omit no\r\n              headers, simply use the string \"-\" (or  any  string  which  will\r\n              match  no  headers).   
Note  that  specifying  a  list with this\r\n              parameter replaces the default entirely.\r\n\r\n       <span style=\"text-decoration: underline;\">On-BadSignature<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects the action  to  be  taken  when  a  signature  fails  to\r\n              validate.    Possible   values   (with   abbreviated   forms  in\r\n              parentheses): <span style=\"text-decoration: underline;\">accept<\/span> (a) accept the message; <span style=\"text-decoration: underline;\">discard<\/span> (d) discard\r\n              the  message;  <span style=\"text-decoration: underline;\">tempfail<\/span>  (t)  temp-fail  the message; <span style=\"text-decoration: underline;\">reject<\/span> (r)\r\n              reject the message.  The default is <span style=\"text-decoration: underline;\">accept.<\/span>\r\n\r\n       <span style=\"text-decoration: underline;\">On-Default<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects the action to be taken when any verification or internal\r\n              error  of any kind is encountered.  This is processed before the\r\n              other \"On-\" values so it  can  be  used  as  a  blanket  setting\r\n              followed by specific overrides.\r\n\r\n       <span style=\"text-decoration: underline;\">On-DNSError<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects  the  action  to  be taken when a transient DNS error is\r\n              encountered.  
Possible values are the  same  as  those  for  <span style=\"text-decoration: underline;\">On-<\/span>\r\n              <span style=\"text-decoration: underline;\">BadSignature.<\/span>  The default is <span style=\"text-decoration: underline;\">tempfail.<\/span>\r\n\r\n       <span style=\"text-decoration: underline;\">On-InternalError<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects  the  action  to be taken when an internal error of some\r\n              kind is encountered.  Possible values are the same as those  for\r\n              <span style=\"text-decoration: underline;\">On-BadSignature.<\/span>  The default is <span style=\"text-decoration: underline;\">tempfail.<\/span>\r\n\r\n       <span style=\"text-decoration: underline;\">On-NoSignature<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects  the action to be taken when a message arrives unsigned.\r\n              Possible values are the same as those for <span style=\"text-decoration: underline;\">On-BadSignature.<\/span>   The\r\n              default is <span style=\"text-decoration: underline;\">accept.<\/span>\r\n\r\n       <span style=\"text-decoration: underline;\">On-Security<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects the action to be taken when a message arrives containing\r\n              properties that may be a security concern.  
Possible values  are\r\n              the same as those for <span style=\"text-decoration: underline;\">On-BadSignature.<\/span>  The default is <span style=\"text-decoration: underline;\">tempfail.<\/span>\r\n\r\n       <span style=\"text-decoration: underline;\">On-SignatureMissing<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects the action to be taken when a message  arrives  unsigned\r\n              from  a  domain  which advertises a \"we sign everything\" policy.\r\n              Possible values are the same as those for <span style=\"text-decoration: underline;\">On-BadSignature.<\/span>   The\r\n              default is <span style=\"text-decoration: underline;\">accept.<\/span>\r\n\r\n       <span style=\"text-decoration: underline;\">PeerList<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Identifies  a  file  of  \"peers\"  which identifies clients whose\r\n              connections  should  be  accepted  without  processing  by  this\r\n              filter.  The file should contain on each line a hostname, domain\r\n              name  (e.g.  \".example.com\"),  IP  address,  an   IPv6   address\r\n              (including   an   IPv4  mapped  address),  or  a  CIDR-style  IP\r\n              specification (e.g. \"192.168.1.0\/24\").  An entry beginning  with\r\n              a  bang  (\"!\")  character  means  \"not\",  allowing exclusions of\r\n              specific hosts that are otherwise members of larger  sets.   
The\r\n              order of entries in this file is therefore significant.\r\n\r\n       <span style=\"text-decoration: underline;\">PidFile<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Specifies  the path to a file which should be created at process\r\n              start containing the process ID.\r\n\r\n       <span style=\"text-decoration: underline;\">POPDBFile<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Requests that the filter consult a POP  authentication  database\r\n              named  in the string for IP addresses that should be allowed for\r\n              signing.  The filter must be compiled with the POPAUTH  flag  to\r\n              enable this feature, since it adds a library dependency.\r\n\r\n       <span style=\"text-decoration: underline;\">Quarantine<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Requests that messages which fail verification be quarantined by\r\n              the MTA.  (Requires a sufficiently recent version of the  milter\r\n              library.)\r\n\r\n       <span style=\"text-decoration: underline;\">QueryCache<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Instructs  the  DKIM  library to maintain its own local cache of\r\n              keys and policies retrieved from DNS, rather than relying on the\r\n              nameserver  for caching service.  Useful if the nameserver being\r\n              used by the filter is not local.  
The filter  must  be  compiled\r\n              with  the QUERY_CACHE flag to enable this feature, since it adds\r\n              a library dependency.\r\n\r\n       <span style=\"text-decoration: underline;\">RemoveARAll<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Removes all Authentication-Results:  header  fields  which  also\r\n              satisfy  the  requirements  of  <span style=\"text-decoration: underline;\">RemoveARFrom<\/span> below.  By default,\r\n              only those containing a DKIM result are removed.\r\n\r\n       <span style=\"text-decoration: underline;\">RemoveARFrom<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Lists patterns of hostnames whose Authentication-Results: header\r\n              fields  should  be  removed  before  the  message  is passed for\r\n              delivery.  By default only  those  headers  matching  the  local\r\n              host\u2019s canonical name will be removed.  If more than one pattern\r\n              is desired, the list should  be  comma-separated.   Matching  is\r\n              only  done  on  full  hostnames  (e.g. \"host.example.com\") or on\r\n              domain names (e.g. \".example.com\").\r\n\r\n       <span style=\"text-decoration: underline;\">RemoveOldSignatures<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Removes all existing signatures when operating in signing  mode.\r\n\r\n       <span style=\"text-decoration: underline;\">SignHeaders<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Specifies  the  list  of  headers  which should be included when\r\n              generating signatures.  The string should be  a  comma-separated\r\n              list  of  header  names.   If the list omits any header which is\r\n              mandated by the DKIM specification, those headers are implicitly\r\n              added.    
By   default,   those   headers  listed  in  the  DKIM\r\n              specification as \"SHOULD\"  be  signed  will  be  signed  by  the\r\n              filter.   Specifying  a  list  here replaces that list entirely.\r\n              See the <span style=\"text-decoration: underline;\">OmitHeaders<\/span> configuration option for more information.\r\n\r\n       <span style=\"text-decoration: underline;\">Selector<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Defines the name  of  the  selector  to  be  used  when  signing\r\n              messages.   See  the  <strong>DKIM<\/strong> specification for details.  Used only\r\n              when signing with a single key; see the <span style=\"text-decoration: underline;\">KeyList<\/span> parameter  above\r\n              for more information.\r\n\r\n       <span style=\"text-decoration: underline;\">SendReports<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              If  true,  when  a  signature verification fails and the signing\r\n              site advertises a reporting address (i.e.   <span style=\"text-decoration: underline;\">r=user@host<\/span>  in  its\r\n              policy record), the filter will send a structured report to that\r\n              address containing details needed to reproduce the problem.\r\n\r\n       <span style=\"text-decoration: underline;\">SignatureAlgorithm<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Selects the signing algorithm to use when generating signatures.\r\n              If  the  filter  was  compiled against version 0.9.8 or later of\r\n              <strong>OpenSSL<\/strong> then both <span style=\"text-decoration: underline;\">rsa-sha1<\/span> and <span style=\"text-decoration: underline;\">rsa-sha256<\/span> are available and  the\r\n              latter  is the default.  
Otherwise, only the former is available\r\n              and it is (obviously) the default.\r\n\r\n       <span style=\"text-decoration: underline;\">SignatureTTL<\/span> <span style=\"text-decoration: underline;\">(integer)<\/span>\r\n              Sets the time-to-live, in seconds, of  signatures  generated  by\r\n              the  filter.   If  not  set,  no  expiration  time  is  added to\r\n              signatures.\r\n\r\n       <span style=\"text-decoration: underline;\">Socket<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Specifies the socket that should be established by the filter to\r\n              receive   connections  from  <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/sendmail.8.html\">sendmail<\/a>(8)<\/span>  in  order  to  provide\r\n              service.  <span style=\"text-decoration: underline;\">socketspec<\/span> is in one of two  forms:  <span style=\"text-decoration: underline;\">local:path<\/span>  which\r\n              creates   a  UNIX  domain  socket  at  the  specified  <span style=\"text-decoration: underline;\">path,<\/span>  or\r\n              <span style=\"text-decoration: underline;\">inet:port[@host]<\/span> which creates a TCP  socket  on  the  specified\r\n              <span style=\"text-decoration: underline;\">port.<\/span>   If  the  <span style=\"text-decoration: underline;\">host<\/span> is not given as either a hostname or an IP\r\n              address, the socket will be listening on all  interfaces.   
This\r\n              option  is  mandatory either in the configuration file or on the\r\n              command line.\r\n\r\n       <span style=\"text-decoration: underline;\">StrictTestMode<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Selects strict CRLF mode during testing (see the <span style=\"text-decoration: underline;\">-t<\/span> command line\r\n              flag  in  the  <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/dkim-filter.8.html\">dkim-filter<\/a>(8)<\/span>  man page); messages in which any\r\n              header  field  or  body  line  is  not  CRLF-terminated  are\r\n              considered malformed and will produce an error.\r\n\r\n       <span style=\"text-decoration: underline;\">SubDomains<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Sign  subdomains of those listed by the <span style=\"text-decoration: underline;\">Domain<\/span> parameter as well\r\n              as the actual domains.\r\n\r\n       <span style=\"text-decoration: underline;\">Syslog<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Log via calls to <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man3\/syslog.3.html\">syslog<\/a>(3)<\/span> any interesting activity.\r\n\r\n       <span style=\"text-decoration: underline;\">SyslogFacility<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Log via calls  to  <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man3\/syslog.3.html\">syslog<\/a>(3)<\/span>  using  the  named  facility.   
The\r\n              facility   names   are   the   same   as  the  ones  allowed  in\r\n              <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man5\/syslog.conf.5.html\">syslog.conf<\/a>(5).<\/span>  The default is <span style=\"text-decoration: underline;\">mail<\/span>.\r\n\r\n       <span style=\"text-decoration: underline;\">SyslogSuccess<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Log  via  calls  to  <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man3\/syslog.3.html\">syslog<\/a>(3)<\/span>  additional  entries   indicating\r\n              successful signing or verification of messages.\r\n\r\n       <span style=\"text-decoration: underline;\">TestPublicKeys<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Names  a  file  from which public keys should be read.  Intended\r\n              for use only during automated testing.\r\n\r\n       <span style=\"text-decoration: underline;\">UMask<\/span> <span style=\"text-decoration: underline;\">(integer)<\/span>\r\n              Requests a  specific  permissions  mask  to  be  used  for  file\r\n              creation.   
This  only  really applies to creation of the socket\r\n              when <span style=\"text-decoration: underline;\">Socket<\/span> specifies a UNIX domain socket, and to  the  <span style=\"text-decoration: underline;\">PidFile<\/span>\r\n              (if any); temporary files are created by the <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man3\/mkstemp.3.html\">mkstemp<\/a>(3)<\/span> function\r\n              which enforces a specific file mode on  creation  regardless  of\r\n              the process umask.  See <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man2\/umask.2.html\">umask<\/a>(2)<\/span> for more information.\r\n\r\n       <span style=\"text-decoration: underline;\">UserID<\/span> <span style=\"text-decoration: underline;\">(string)<\/span>\r\n              Attempts   to   become  the  specified  userid  before  starting\r\n              operations.  The value  is  of  the  form  <span style=\"text-decoration: underline;\">userid[:group].<\/span>   The\r\n              process  will be assigned all of the groups and primary group ID\r\n              of the named <span style=\"text-decoration: underline;\">userid<\/span> unless an alternate <span style=\"text-decoration: underline;\">group<\/span> is specified.\r\n\r\n       <span style=\"text-decoration: underline;\">UseASPDiscard<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              If \"true\", requests discard of messages which are determined  to\r\n              be suspicious according to the author domain\u2019s published signing\r\n              procedure (ASP) record if that record also recommends discard of\r\n              such messages.\r\n\r\n       <span style=\"text-decoration: underline;\">X-Header<\/span> <span style=\"text-decoration: underline;\">(Boolean)<\/span>\r\n              Causes  <span style=\"text-decoration: 
underline;\">dkim-filter<\/span>  to  add a header indicating the presence of\r\n              this filter in  the  path  of  the  message  from  injection  to\r\n              delivery.   The  product\u2019s  name,  version,  and  the job ID are\r\n              included in the header\u2019s contents.<\/pre>\n<h4 id=\"contenttoc4\"><strong>NOTES<\/strong><\/h4>\n<pre>       When using DNS timeouts (see the <span style=\"text-decoration: underline;\">DNSTimeout<\/span> option above), be sure  not\r\n       to  use  a  timeout  that  is  larger  than  the timeout being used for\r\n       interaction between <span style=\"text-decoration: underline;\">sendmail<\/span> and the filter.  Otherwise, the MTA  could\r\n       abort  a  message  while  waiting for a reply from the filter, which in\r\n       turn is still waiting for a DNS reply.<\/pre>\n<h4 id=\"contenttoc5\"><strong>VERSION<\/strong><\/h4>\n<pre>       This man page covers version 2.5.4 of <span style=\"text-decoration: underline;\">dkim-filter.<\/span><\/pre>\n<h4 id=\"contenttoc6\"><strong>COPYRIGHT<\/strong><\/h4>\n<pre>       Copyright (c) 2007, 2008, Sendmail, Inc. and its suppliers.  All rights\r\n       reserved.<\/pre>\n<h4 id=\"contenttoc7\"><strong>SEE<\/strong> <strong>ALSO<\/strong><\/h4>\n<pre>       <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/dkim-filter.8.html\">dkim-filter<\/a>(8),<\/span> <span style=\"text-decoration: underline;\"><a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man8\/sendmail.8.html\">sendmail<\/a>(8)<\/span>\r\n\r\n       RFC4871 - DomainKeys Identified Mail\r\n\r\n       Authentication-Results Internet Draft<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>NAME dkim-filter.conf &#8211; Configuration file for dkim-filter LOCATION \/etc\/mail\/dkim-filter.conf DESCRIPTION dkim-filter(8) implements the DKIM specification for signing and verifying e-mail messages on a per-domain basis. 
This file is its configuration file, read on startup only. Blank lines are ignored. Lines containing a hash (&#8220;#&#8221;) character are truncated at the hash character to allow for comments [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[51,85,74],"tags":[186,188,187,189,190,134],"class_list":["post-356","post","type-post","status-publish","format-standard","hentry","category-linux-linuxrs","category-proxy","category-servidor-de-e-mail","tag-dkim","tag-dkim-filter","tag-filter","tag-milter","tag-smtpd","tag-zimbra"]}