Question about "Allow DKIM verification for incoming messages" exim option

[dzamanakos]

Hi, in basic exim configuration there is an option "Allow DKIM verification for incoming messages".
There is also another one below that is "Reject DKIM failures" that can be enabled only if the above is enabled.
I would like to ask what the system will do when "Allow DKIM verification for incoming messages" is checked it and keep unchecked the "Reject DKIM failures".
Will exim just validates the dkim signature, without taking any action?
If yes, it has no use to keep it enabled, without check the "Reject DKIM failures", as it's just using cpu, is that right?
If no, what does it do, if not rejecting?

best regards,

 

[cPanelLauren]

SpamAssassin scores based off of the DKIM verification done. So I wouldn't say it's a waste of CPU nor would I say that it has no effect.

 

[kdean]

Are you sure Spamassassin uses Exim's DKIM lookups? Spamassassin has it's own plugin for that. My spamassassin reports show DKIM verifications without the Exim feature enabled.

Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests

 

[dzamanakos]

Thank you both for your replies.
cPanelLauren can you check it in depth, in order to be sure if i 'll enable it or not?
If spamassassin, as kdean noticed, uses it's own plugin, it has no use to have it enabled (in that case, dkim verification and reject dkim failures should be one option, as verification itself doesnt do anything).
If spamassassin relies in that option to flag spam, i will enable it.

best regards,

 

[juming]

I also have same question for that option, because some customer email can't received, even I whitelist in cpanel filter, and disabling greylisting. But after disable this option it came normally.

But still I think it's better if it can do DKIM verification, but still allow email received whatever the result of verification, just make some changes at subject such ***SPAM*** or any other text. Otherwise if there is no differences between enable verification but allow email go thru, and disable verification, then I prefer disable it, since it will reduce processor time and recources.

Any other opinion ?