Hi David,

the fix is a pretty obvious one-liner. The risk in applying it is very
low. But it makes the difference between "works for me" and "better
don't use opendkim, because it makes things worse".

Consider this: You send an EMail to somebody outside your own (masqueraded)
domain, you get a reply, and you answer this reply. Your first EMail was
properly signed by opendkim, but your reply wasn't, because ReplaceRules
also affected the References line in the header.

ReplaceHeaders has been introduced to fix this problem. It does, if the
fix is included and if you add an appropriate line to your opendkim.conf.
Without this fix ReplaceHeaders is rejected in the config file, and
ReplaceRules corrupts the header of approx. 50% of your outgoing replies.

I understand that both ReplaceRules and ReplaceHeaders are dirty workarounds
for something that should have been properly implemented, but it should
still be possible to include fixes for opendkim, because it is a security-
related package.


Thanx very much
Harri
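
The failure described in the message above can be reproduced with a small model. This is an added example, not opendkim code and not part of the original message: the hostnames, addresses, rewrite rule and the restriction to From are constructed assumptions, and a plain SHA-256 over the headers stands in for the real DKIM header hash.

```python
import hashlib
import re

# Constructed rewrite rule: masquerade internal hosts as the public domain.
RULE = (re.compile(r"@[a-z0-9.-]+\.internal\.example"), "@example.com")

# Constructed messages as handed to the signing filter, before masquerading.
ORIGINAL = [
    ("From", "harri@ws1.internal.example"),
    ("To", "peer@example.net"),
    ("Subject", "question"),
]
# The reply to the peer's answer cites the first mail's (internal) Message-ID.
REPLY = ORIGINAL + [("References", "<m1@ws1.internal.example> <r1@example.net>")]

def rewrite(headers, only=None):
    """Apply RULE to every header, or only to the header names in `only`."""
    names = None if only is None else {n.lower() for n in only}
    return [(n, RULE[0].sub(RULE[1], v) if names is None or n.lower() in names else v)
            for n, v in headers]

def header_hash(headers):
    """Stand-in for the DKIM header hash (no canonicalization, no RSA)."""
    data = "".join(f"{n.lower()}:{v}\r\n" for n, v in headers)
    return hashlib.sha256(data.encode()).hexdigest()

def mta_output(headers):
    """Assumed MTA masquerading: rewrites address headers, leaves References alone."""
    return rewrite(headers, only=["From", "Sender", "Reply-To"])

def signature_verifies(headers, replace_headers=None):
    """The signer hashes the headers it predicts; the verifier hashes what was sent."""
    signed = header_hash(rewrite(headers, only=replace_headers))
    received = header_hash(mta_output(headers))
    return signed == received

if __name__ == "__main__":
    print("first mail, rules on all headers:", signature_verifies(ORIGINAL))
    print("reply, rules on all headers:     ", signature_verifies(REPLY))
    print("reply, rules limited to From:    ", signature_verifies(REPLY, ["From"]))
```
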
