> I have run into a problem described in section Sendmail REWRITING FEATURES on http://www.opendkim.org/README:

> Due to the way the milter protocol is incorporated into the MTA, opendkim sees the headers before they are modified as required by those two features (MASQUERADE_AS and FEATURE(genericstable)).

> This means the DKIM signature is generated based on the headers originally

> injected by the mail client and not on the headers which are actually sent

> out by the MTA. As a result, the verifying agent at the receiver's side

> will be unable to verify the signature as the signed data and the received

> data don't match.

> The suggested solutions to this problem are:

> (1) Send mail with the headers already written as needed, obviating the

>     need for these features (or just turn them off).

> (2) Have two MTAs set up, either on separate boxes or on the same box.

>     The first MTA should do all of the rewriting (i.e. use these two

>     features) and the second one should use opendkim to add the signature

>     and do no rewriting at all.

> (3) Have multiple DaemonPortOptions lines in your configuration file.  The

>     first daemon port (port 25) does the header rewriting and then routes

>     the message to the second port; the latter does no rewriting but does the

>     signing and then sends the message on its way.

> Since I'm not an expert in Sendmail I have configured it with help of online tutorials and used masquerade to remove host from email address (to get an address to look like user@domain instead of u...@host.domain). Due to same reason (not being an expert), I have problems understanding suggestions above.

> Main question: What is the most elegant way to achieve host removal from email address without breaking OpenDKIM?

> Best regards,

> Mario