DKIM and MailScanner used in a mail forwarder

Julian Field MailScanner at
Mon Mar 9 11:04:23 GMT 2009

Hash: SHA1

On 9/3/09 11:01, Alex Broens wrote:
> On 3/9/2009 11:46 AM, Julian Field wrote:
>> Hash: SHA1
>> On 9/3/09 09:06, Julian Field wrote:
>>> * PGP Signed: 03/09/09 at 09:06:48
>>> On 9/3/09 01:30, Alex Neuman wrote:
>>>> I believe it's been tried before with sendmail but, as Brent 
>>>> mentions, you have to have an instance of sendmail that does the 
>>>> actual signing after MailScanner's done with the message.
>>> Yes, I have separate incoming and outgoing mail systems. And yes, I 
>>> guess I mean "redirect" and not "forward". Many ISP's offer mail 
>>> forwarding ("redirecting") for addresses at a customer's domain. So 
>>> how does anyone else deal with this problem?
>>>> On Sun, Mar 8, 2009 at 5:45 PM, Brent Addis 
>>>> <brent.addis at <mailto:brent.addis at>> wrote:
>>>>     I use it, it's fine. Exim only signs when it actually sends the
>>>>     message, so it includes the mailscanner headers.
>>>>     No idea about postfix/sendmail/whatever else
>>>>     Make sure you have separate sending and receiving systems (Sending
>>>>     signs, receiving checks)
>>>>     On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote:
>>>>>     How badly does DKIM interact with MailScanner when MailScanner 
>>>>> is used
>>>>>     in a mail forwarding system?
>>>>>     What could I do to improve the situation?
>>>>>     Jules
>> It appears that DKIM doesn't take the order of most of the headers 
>> into account after all (I read the spec a bit more thoroughly). It 
>> only worries about the headers which are named in the 
>> "DKIM-Signature" header. So there's no need to move the new headers 
>> to the top of the message after all. Though I will probably leave the 
>> option in place, as people have asked for it in the past.
>> Unfortunately the list of headers that appear in the list is a bit 
>> long, and includes some that MailScanner may inadvertently tweak, 
>> such as Content-Type, Content-Transfer-Encoding and Message-ID.
> Pls make sure that the move is not set per default.
Don't worry, I wouldn't do that to you!


- -- 
Julian Field MEng CITP CEng
Buy the MailScanner book at

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Version: PGP Desktop 9.9.1 (Build 287)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list