====== Exim4 - Validating DKIM ======
DKIM-checking requires no additional software to be installed, but it does have a slightly complex configuration.
Edit /etc/exim4/conf.d/acl/00_exim4-config_header, adding the following to the start of the file:
<code>
acl_smtp_dkim = acl_check_dkim
</code>
All being well, this will then be the complete contents:
<code>
acl_smtp_dkim = acl_check_dkim

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

begin acl
</code>
After this, create the file /etc/exim4/conf.d/acl/10_local_dkim_check, with this content:
<code>
acl_check_dkim:

  # Deny failures
  deny
    dkim_status = fail
    logwrite = DKIM test failed: $dkim_verify_reason
    add_header = X-DKIM: DKIM test failed: (address=$sender_address domain=$dkim_cur_signer), signature is bad.

  # Deny invalid signatures
  deny
    dkim_status = invalid
    add_header = X-DKIM: $dkim_cur_signer ($dkim_verify_status); $dkim_verify_reason
    logwrite = DKIM test passed (address=$sender_address domain=$dkim_cur_signer), but signature is invalid.

  # Accept valid/passed sigs
  accept
    dkim_status = pass
    logwrite = DKIM test passed
    add_header = X-DKIM: DKIM passed: (address=$sender_address domain=$dkim_cur_signer), signature is good.

  # And anything else.
  accept
</code>
**NOTE**: Incoming emails will have a new header, X-DKIM, added to them.

Restart exim4:
<code>
update-exim4.conf
service exim4 restart
</code>
Log entries will look like this:
<code>
..
2015-08-02 19:34:06 1ZLy5G-0001rA-Lh DKIM: d=googlemail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2015-08-02 19:34:06 1ZLy5G-0001rA-Lh DKIM test passed
2015-08-02 19:34:06 1ZLy5G-0001rA-Lh <= john@googlemail.com ..
..
</code>
These entries are written to the mail server's main log file (/var/log/exim4/mainlog).
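
To review what the ACL is doing, the log lines above can be grouped per message ID. The following is an added example, not part of the original page or of Exim. The first three sample lines are the ones shown above; the remaining lines, their message IDs and the example.org / example.net domains are constructed, and the function names are hypothetical. Note that the "invalid" stanza logs a line beginning "DKIM test passed", so the verdict has to be read from the whole line.

```python
import re
from collections import defaultdict

# Main-log line: date, time, message id (three dash-separated fields), text.
LINE = re.compile(r"^\S+ \S+ ([0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+) (.*)$")
# Exim's own per-signature line: "DKIM: d=.. s=.. c=.. a=.. [result]".
SIG = re.compile(r"^DKIM: (.*?)\s*\[([^\]]*)\]$")

# First three lines are from the page; the remaining four are constructed samples.
SAMPLE = """\
2015-08-02 19:34:06 1ZLy5G-0001rA-Lh DKIM: d=googlemail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2015-08-02 19:34:06 1ZLy5G-0001rA-Lh DKIM test passed
2015-08-02 19:34:06 1ZLy5G-0001rA-Lh <= john@googlemail.com ..
2015-08-02 19:40:11 1ZLyB9-0001sK-2p DKIM: d=example.org s=mail c=relaxed/simple a=rsa-sha256 [verification failed - body hash mismatch (body probably modified in transit)]
2015-08-02 19:40:11 1ZLyB9-0001sK-2p DKIM test failed: bodyhash_mismatch
2015-08-02 19:41:30 1ZLyCQ-0001sT-9x DKIM: d=example.net s=k1 c=relaxed/relaxed a=rsa-sha256 [invalid - public key record (currently?) unavailable]
2015-08-02 19:41:30 1ZLyCQ-0001sT-9x DKIM test passed (address=bob@example.net domain=example.net), but signature is invalid.
""".splitlines()

def acl_verdict(text):
    """Map a logwrite line from acl_check_dkim to pass/fail/invalid, else None."""
    if not text.startswith("DKIM test "):
        return None
    if "signature is invalid" in text:  # the 'invalid' stanza logs "test passed ... but"
        return "invalid"
    return "fail" if text.startswith("DKIM test failed") else "pass"

def summarise(lines):
    """Return {message_id: {"signatures": [...], "verdicts": [...]}}."""
    msgs = defaultdict(lambda: {"signatures": [], "verdicts": []})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # elision markers or lines without a message id
        msgid, text = m.groups()
        sig = SIG.match(text)
        if sig:
            tags = dict(t.split("=", 1) for t in sig.group(1).split() if "=" in t)
            msgs[msgid]["signatures"].append({"domain": tags.get("d"),
                "selector": tags.get("s"), "result": sig.group(2)})
        elif acl_verdict(text):
            msgs[msgid]["verdicts"].append(acl_verdict(text))
    return dict(msgs)

def rejected(summary):
    """Message ids the ACL denied (fail or invalid), with their signing domains."""
    return {mid: sorted({s["domain"] for s in m["signatures"]})
            for mid, m in summary.items()
            if set(m["verdicts"]) & {"fail", "invalid"}}
```

On a live system, pass the lines of /var/log/exim4/mainlog to `summarise()` instead of `SAMPLE`.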