Hello, I invested a lot of time tweaking OpenDKIM+Sendmail not to break DKIM- Signatures, when sendmail is used at the same time to verify available signatures, adding an Authentication-Results header, signing the message and forwarding it to the alias-destination. A key element was to tweak sendmail not to alter the messages, in order to keep the original signature valid.
Sendmail breaks signatures, when the options * SevenBitInput is changed from its default to True, or * MustQuoteChars is left to its default - quoting the display-part of the From/Sender headers, if these are unquoted and contain a fullstop or an apostrophe sign. I proposed updating the documentation of opendkim at https://github.com /trusteddomainproject/OpenDKIM/issues/17 . As I don't use Postfix, I don't know how and when the latter modifies messages, that are relayed. Please review https://github.com/trusteddomainproject/OpenDKIM/blob/mas ter/opendkim/README in the parts of 8-bit conversion and configuring postfix for using opendkim, regarding default modification performed by Postfix on incoming messages, consider what other options can modify the message, and propose update of opendkim/README. If postfix does not change the mails by default, please be explicit and include also this information in opendkim/README. It really costs a lot of time to find out why very few DKIM signatures get broken and updating the documentation will help make DKIM-signing robust. Kind regards Dilian
