I was wondering how to properly fix this for users of Debian Jessie. Clearly, just re-compiling OpenDKIM including the patch would fix DKIM of folded headers on systems that do not use OpenDKIM < 2.11 for evaluating messages, but it would break exchange with other Debian Jessie servers which did not apply the patch. So, ideally, the patch should finds its way into Debian Jessie by updating the package.
Until then, one workaround is to rewrite (i.e. to unfold) headers before OpenDKIM gets the messages for signing. With Postfix this can be achieved for instance with header_checks(5): -- main.cf -- header_checks = pcre:/etc/postfix/header_checks -- header_checks -- # squeeze whitespace if header is folded after the ":" to work around # OpenDKIM canonicalization bug, cf. https://bugs.debian.org/840015 /^([A-Za-z0-9-]+:)\s*\n\s+(.*)$/ REPLACE $1 $2 -- -- Andreas