I have added preliminary DKIM support to Exim in CVS. If anyone feels
adventurous, please try these 2 tarballs:
http://duncanthrax.net/exim-experimental/exim-4.69-cvssnap-2007-09-28.tar.gz
http://duncanthrax.net/exim-experimental/libdkim-1.0.15-tk.tar.gz
The former is a current CVS snapshot of Exim. The latter is a forked
version of ALT-N's libdkim that you will need to install.
I've put docs in exim-experimental.spec and also here:
http://wiki.exim.org/DKIM
The verification possibilities are very limited at the moment, but
should suffice to treat the few domains (paypal?) that sign outgoing
email today and have sufficiently strict policies.
I looked at both the "libdkim" implementations of Sendmail (included in
their dkim-milter project) and ALT-n's one. Both are not ideal:
Sendmail libdkim: Does not build out-of-the-box on my whizbang gentoo
system. Also uses an arcane build system. Needs tweaks to CFLAGS (hard
to find) to build with LARGEFILE support on Linux. Otherwise off_t size
mismatch will ruin our supper (with no compiler warning). The API is
geared towards supporting the milter interface which Exim does not have.
Could not get it to generate a valid signature after a few hours, but
I'm probably too dumb. Needs linking Exim with -lssl and -lsm (sendmail
utility lib).
ALT-N libdkim: Does not build out-of-the-box on my whizbang gentoo
system because of a few Windowish #defines which I first simulated but
then kicked out. API is well-suited for Exim integration. Needs linking
Exim with -lssl and -lstdc++. However the amount of verification info
that it gives out needs to be extended in the future to allow for
writing flexible policies in Exim ACLs.
/tom