Robert Siemer: > Hello everyone, > > I need to DKIM sign possibly huge emails (up to 150MB). > > Conceptually DKIM needs to go over the email twice: once to calculate > and sign the checksum and once to write it out with the result of > the previous step in the headers.? > > A DKIM signer can do this by either keeping the message in memory > (a no-go for me) or write it to a file. > > For the task at hand I want to use a Postfix (filter) mechanism > that allows me to do that without keeping the message in memory > and without having it written to disc twice! > > So far I see that the after-queue content filter mechanism > (FILTER_README) forces you to write the email to disc again. (And > for no good reason, unfortunately: pipe should pass a read-only > file descriptor of the queue file to filter?s stdin. The filter > can use lseek() on that.)
That would do you no good. (1) The queue file contains both message metadata and message content, formatted as TLV records (type-length-value). There are no text lines separated with CRLF or LF amywhere. (2) Non-Postfix programs that depend on the queue file format are unsupported. > The alternative, the before-queue milter (MILTER_README), is > insufficiently documented for me to see if it avoids keeping the > message in memory and avoids writing the original mail to file > twice. ? Maybe some expert here knows if the milter API can avoid > that and if both milter sides, i.e. Postfix and e.g. opendkim > indeed do avoid these pitfalls. The Postfix Milter implementation edits the file in place. Instead of writing the file multiple times, it "prepends" the DKIM signature using in-file pointer flipping (some TLV records specify jumps). Wietse