I was wondering how to properly fix this for users of Debian Jessie.
Clearly, just re-compiling OpenDKIM including the patch would fix DKIM
of folded headers on systems that do not use OpenDKIM < 2.11 for
evaluating messages, but it would break exchange with other Debian
Jessie servers which did not apply the patch. So, ideally, the patch
should finds its way into Debian Jessie by updating the package.
Until then, one workaround is to rewrite (i.e. to unfold) headers
before OpenDKIM gets the messages for signing.
With Postfix this can be achieved for instance with header_checks(5):
-- main.cf --
header_checks = pcre:/etc/postfix/header_checks
-- header_checks --
# squeeze whitespace if header is folded after the ":" to work around
# OpenDKIM canonicalization bug, cf. https://bugs.debian.org/840015
/^([A-Za-z0-9-]+:)\s*\n\s+(.*)$/ REPLACE $1 $2