# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendmarc/examples/opendmarc.conf.sample.

##  AuthservID (string)
##  	defaults to MTA name
#
# AuthservID name

##  FailureReports { true | false }
##  	default "false"
##
# FailureReports false

##  RejectFailures { true | false }
##  	default "false"
##
RejectFailures false

##  Socket socketspec
##  	default (none)
##
##  Specifies the socket that should be established by the filter to receive
##  connections from sendmail(8) in order to provide service.  socketspec is
##  in one of two forms: local:path, which creates a UNIX domain socket at
##  the specified path, or inet:port[@host] or inet6:port[@host] which creates
##  a TCP socket on the specified port for the appropriate protocol family.
##  If the host is not given as either a hostname or an IP address, the
##  socket will be listening on all interfaces.  This option is mandatory
##  either in the configuration file or on the command line.  If an IP
##  address is used, it must be enclosed in square brackets.
#
Socket local:/var/run/opendmarc/opendmarc.sock

##  Syslog { true | false }
##  	default "false"
##
##  Log via calls to syslog(3) any interesting activity.
#
Syslog true

##  SyslogFacility facility-name
##  	default "mail"
##
##  Log via calls to syslog(3) using the named facility.  The facility names
##  are the same as the ones allowed in syslog.conf(5).
#
# SyslogFacility mail

##  TrustedAuthservIDs string
##  	default HOSTNAME
##
##  Specifies one or more "authserv-id" values to trust as relaying true
##  upstream DKIM and SPF results.  The default is to use the name of
##  the MTA processing the message.  To specify a list, separate each entry
##  with a comma.  The key word "HOSTNAME" will be replaced by the name of
##  the host running the filter as reported by the gethostname(3) function.
#
# TrustedAuthservIDs HOSTNAME

##  SPFIgnoreResults { true | false }
##  	default "false"
##
##  Causes the filter to ignore any SPF results in the header of the message.
##  This is useful if you want the filter to perfrom SPF checks itself, or
##  because you don't trust the arriving header.
#
SPFIgnoreResults true

##  SPFSelfValidate { true | false }
##  	default "false"
##
##  Causes the filter to perform a fallback SPF check itself when it can
##  find no SPF results in the message header.  If SPFIgnoreResults is also
##  set, it never looks for SPF results in headers and always performs the
##  SPF check itself when this is set.
#
SPFSelfValidate true

##  UMask mask
##  	default (none)
##
##  Requests a specific permissions mask to be used for file creation.  This
##  only really applies to creation of the socket when Socket specifies a
##  UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary
##  files are normally created by the mkstemp(3) function that enforces a
##  specific file mode on creation regardless of the process umask.  See
##  umask(2) for more information.
#
UMask 0007

##  UserID user[:group]
##  	default (none)
##
##  Attempts to become the specified userid before starting operations.
##  The process will be assigned all of the groups and primary group ID of
##  the named userid unless an alternate group is specified.
#
# UserID opendmarc

## Path to system copy of PSL (needed to determine organizational domain)
#
PublicSuffixList /usr/share/publicsuffix/