Sendmail rewriting headers after OpenDKIM signature

view full story

http://serverfault.com – I have run into a problem described in section Sendmail REWRITING FEATURES on http://www.opendkim.org/README: Due to the way the milter protocol is incorporated into the MTA, opendkim sees the headers before they are modified as required by those two features (MASQUERADE_AS and FEATURE(genericstable)). This means the DKIM signature is generated based on the headers originally injected by the mail client and not on the headers which are actually sent out by the MTA. As a result, the verifying agent at the receiver's side will be unable to verify the signature as the signed data and the re (HowTos)