Following the release of Exim v 4.94.2 with the security fixes there are some steps to take to fix the DKIM signing functionality for outbound emails.
These address the errors you could see in /var/log/maillog
Tainted filename '/etc/exim/dkim/<your domain>.dkim'
unable to open file for reading: /etc/exim/dkim/<your domain>.dkim
Check your DKIM files are in the /etc/exim/dkim/ directory
In /var/lib/atmail/mailserver/roles/ss1ip/templates/exim/ edit the exim.conf.j2 file
vi /var/lib/atmail/mailserver/roles/ss1ip/templates/exim/exim.conf.j2
there is a section of text for DKIM
add a new line of
DKIM_PATH = /etc/exim/dkim
and change the DKIM_FILE line to
DKIM_FILE = DKIM_DOMAIN.dkim
Further down in the transports section replace the dkim_private_key line with
dkim_private_key = ${lookup {DKIM_FILE} dsearch,ret=full {DKIM_PATH}}
Save the file and run a Publish config within the Admin UI.
Check the /etc/exim/exim.conf file has these edits and restart Exim
systemctl restart exim
Send a test email to check if the DKIM-Signature is in the headers.
Comments