1# DKIM23This is the check module that performs verification of the DKIM signatures4present on the incoming messages.56## Configuration directives78```9check.dkim {10 debug no11 required_fields From Subject12 allow_body_subset no13 no_sig_action ignore14 broken_sig_action ignore15 fail_open no16}17```1819### debug _boolean_20Default: global directive value2122Log both successful and unsuccessful check executions instead of just23unsuccessful.2425---2627### required_fields _string..._28Default: `From Subject`2930Header fields that should be included in each signature. If signature31lacks any field listed in that directive, it will be considered invalid.3233Note that From is always required to be signed, even if it is not included in34this directive.3536---3738### no_sig_action _action_39Default: `ignore` (recommended by RFC 6376)4041Action to take when message without any signature is received.4243Note that DMARC policy of the sender domain can request more strict handling of44missing DKIM signatures.4546---4748### broken_sig_action _action_49Default: `ignore` (recommended by RFC 6376)5051Action to take when there are not valid signatures in a message.5253Note that DMARC policy of the sender domain can request more strict handling of54broken DKIM signatures.5556---5758### fail_open _boolean_59Default: `no`6061Whether to accept the message if a temporary error occurs during DKIM62verification. Rejecting the message with a 4xx code will require the sender63to resend it later in a hope that the problem will be resolved.