DKIM Signing versus zimbraMtaRelayHost

For context: we're currently running 6.0.1 Network Edition on CentOS machines (hosted on Amazon EC2 instances).

To start with, we had successfully enabled outbound DKIM signing by adding the following to ~zimbra/conf/amavisd.conf, then running "zmamavisdctl restart"

Code:

$enable_dkim_signing = 1; dkim_key('<dkim-domain>', '<dkim-selector>', '<dkim-private-key-filename>'); @mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8);

Some time later, we configured Zimbra to relay email through our corporate server using:
- "zmprov ms $(hostname) zimbraMtaRelayHost $relayserver:$relayport"
- creation of ~zimbra/conf/relay_config with our values
- "postmap hash:/opt/zimbra/conf/relay_config"
- several postconf's to set smtp_* values
- "postfix reload"

While this works (email is relayed as expected), outbound emails are no longer being DKIM-signed. We don't want to do DKIM signing on the relay server, either, so I have two questions for the Postfix / Zimbra gurus:

- Is this incompatibility likely being caused by an ordering of Postfix operations? (That is, is DKIM signing being done 'after' the relayhost procedure?)

- If so, is there a simple way to reorder these steps, so that mail is signed _before_ being relayed to our corporate server?

I would greatly appreciate any and all feedback. :-)

Does anyone know how I can get DKIM signing to happen before the external SMTP relay?

Quote:

Originally Posted by EmOperations

Does anyone know how I can get DKIM signing to happen before the external SMTP relay?

I use the method with dk-milter (on my CentOS 5.4 server) rather than the one your using and don't seem to have any problems with the DKIM signature and relaying mail through another server. Perhaps that might be a better method than the one you're using?

Thank you for the pointer, phoenix. I'll look into using a milter approach instead of amavisd ... this looks promising: Index of /oss/dkim-milter