I’m trying to debug why some inbound emails are failing DKIM checks. I’m running the latest version of Microsoft Exchange server 2019 on Widows Server 2022.
I have enabled pipeline tracing via the Exchange Management shell, and have set it to capture emails from a certain domain.
This is working fine and I can see two separate folders are created per email caught.
These folders then contain original.eml and then the incrementing SmtpReceive and Routing .eml files.
However, when I run the original.eml file against dkimpy (Python utility that can check the dkim signature of .emls) the actual DKIM signature differs from the expected – which suggests that the email’s body or headers have been changed. (Note that the exact same email sent to another MTA server has the expected DKIM signature)
I am trying to work out when my Exchange server is altering this incoming email – since the DKIM signature fails on the original.eml this tells me it is happening somewhere before the transport agents.
Is there a way to view the .eml for an inbound email as soon as it reaches my exchange server?
