Enable DMARC support on exim
As a cPanel web-hosting provider I would like cPanel's Exim binary to be compiled with DMARC support, so that there's a way to properly enforce DMARC stricter policies on inbound mail.
As of v90, Exim is compiled without DMARC support:
# exim -bV|fgrep -i support 2020-10-29 11:41:15 cwd=/root 2 args: exim -bV Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PRDR SPF Experimental_SRSThis stops us from using Exim's DMARC validation capabilities  to prevent users with a "reject" DMARC policy from receiving mails which fail SPF or DKIM alignment checks. This means that spoofed mails that use their own domains on the "From:" header while keeping the "MailFrom:" on a remote address to bypass auth checks are not actually being rejected.
This is an attack vector that can be (and is being ) exploited to launch phishing campaigns against users of a domain impersonating someone from their own domain.
Ideally this should be handled entirely by WHM with a new set of options, but simply adding the DMARC support for Exim would be enough to allow us to set up custom ACLs  in order to propery enforce inbound DMARC. This would stop these kind of phishing attempts altogether by rejecting the incoming mail which is not passing alignment checks.
: See section 5 of https://www.exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_and_dmarc.html
: as per our own experience, where we detect plenty of phishing attemps using our customer's own domains.
: an example of such ACLs can be found on