I was wondering how to properly fix this for users of Debian Jessie. 
Clearly, just re-compiling OpenDKIM including the patch would fix DKIM 
of folded headers on systems that do not use OpenDKIM < 2.11 for 
evaluating messages, but it would break exchange with other Debian 
Jessie servers which did not apply the patch. So, ideally, the patch 
should finds its way into Debian Jessie by updating the package.

Until then, one workaround is to rewrite (i.e. to unfold) headers 
before OpenDKIM gets the messages for signing.

With Postfix this can be achieved for instance with header_checks(5):

  -- main.cf --
  header_checks = pcre:/etc/postfix/header_checks

  -- header_checks --
  # squeeze whitespace if header is folded after the ":" to work around 
  # OpenDKIM canonicalization bug, cf. https://bugs.debian.org/840015
  /^([A-Za-z0-9-]+:)\s*\n\s+(.*)$/ REPLACE $1 $2

-- Andreas

Reply via email to