DKIM keys stored in sql?

Mark Martinec via amavis-users amavis-users at
Wed May 7 23:34:28 CEST 2014

Quanah Gibson-Mount wrote:
> Thankfully, OpenDKIM was built to use LDAP for DKIM keys, and does so
> quite well.  I use it rather than amavis for signing for this very
> reason.

Just not to forget that a milter is invoked early by an MTA,
before any of MTAs mail header normalization is performed
(e.g. supplying a missing Message-ID or Date, or a missing
domain part of an email address in From, To, and CC header
fields, or converting 8-bit MIME to QP encoding).

Invoking a DKIM signature verification as early as possible is
desired, but signing outgoing message by an early milter is not
a good idea, as MTA may invalidate the signature by a later step.
To do DKIM signing correctly by a milter (or by a before-queue
proxy) two MTA instances are necessary: one to act as an MSA and
cleanse a message, the second to sign it and send it out.


More information about the amavis-users mailing list