I am using OpenDKIM (installed by Virtualmin when I click on the install button
Virtualmin -> Email messages -> DKIM -> Install).
When I select
Reject incoming email with invalid DKIM signature? (*) Yes it adds headers into the message with information about validity of the signature:
DKIM-Filter: OpenDKIM Filter v2.11.0 ...
Authentication-Results: server.example.com; dkim=fail reason="....
This way I can create custom filters in my e-mail client (Evolution) to look for "dkim=fail" and assign specific label (with different colour) that says "DKIM verification failed" or other scary message.
In the configuration file
/etc/opendkim.conf I see that turning this option to
(*) Yes is changing
Mode s to
This is great and is what I actually want, however it is misleading, because when the user set
Reject incoming email with invalid DKIM signature? to
(*) Yes he expects that emails with wrong signatures are rejected (not received and error message returned to the sender). Which is not the case.
I suggest to add another option called
Verify DKIM signature and add "Authentication-Results" header that works this way and
Reject incoming email with invalid DKIM signature? to actually reject the message when set to
I noticed also another problem: it works as dkim-milter only after I add this to the
SenderHeaders Sender,From. If there is no
Sender (this is the default:
SenderHeaders From) it will not sign messages when the
From address is not listed in
dkim-domains.txt (but the
Sender address is listed there). I am suggesting to add a way to correct this via Virtualmin interface ("DomainKeys identified mail options") or change the config file when DKIM is enabled via Virtualmin.