Set DKIM policy to relaxed/relaxed

And make this policy configurable.

default.nix

@@ -600,6 +600,26 @@ in
         '';
     };
 
+    dkimHeaderCanonicalization = mkOption {
+        type = types.enum ["relaxed" "simple"];
+        default = "relaxed";
+        description = ''
+          DKIM canonicalization algorithm for message headers.
+
+          See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
+        '';
+    };
+
+    dkimBodyCanonicalization = mkOption {
+        type = types.enum ["relaxed" "simple"];
+        default = "relaxed";
+        description = ''
+          DKIM canonicalization algorithm for message bodies.
+
+          See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
+        '';
+    };
+
     debug = mkOption {
       type = types.bool;
       default = false;

docs/options.rst

@@ -627,6 +627,30 @@ mailserver.dkim
 ~~~~~~~~~~~~~~~
 
 
+mailserver.dkimBodyCanonicalization
+-----------------------------------
+
+DKIM canonicalization algorithm for message bodies.
+
+See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
+
+
+- Type: ``one of "relaxed", "simple"``
+- Default: ``relaxed``
+
+
+mailserver.dkimHeaderCanonicalization
+-------------------------------------
+
+DKIM canonicalization algorithm for message headers.
+
+See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
+
+
+- Type: ``one of "relaxed", "simple"``
+- Default: ``relaxed``
+
+
 mailserver.dkimKeyBits
 ----------------------
 

mail-server/opendkim.nix

@@ -59,7 +59,7 @@ in
         keyPath = cfg.dkimKeyDirectory;
         domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
         configFile = pkgs.writeText "opendkim.conf" (''
-          Canonicalization relaxed/simple
+          Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
           UMask 0002
           Socket ${dkim.socket}
           KeyTable file:${keyTable}