DKIM signing broken in Server 5.2 and later

Originator:michalm.mac
Number:rdar://35070721 Date Originated:19.10.2017
Status:Closed Resolved:
Product:Server Product Version:5.4
Classification:Serious bug Reproducible:Always
 
Summary:
I've configured amavisd in macOS Server to sign email with DKIM key.
Since Server 5.2 signing did not work anymore.

I was able to fix it by manually patching /Applications/Server.app/Contents/ServerRoot/usr/bin/amavisd
using advice from apple forums ->
https://discussions.apple.com/thread/7684786?start=0&tstart=0
After adding line 22852  $msginfo->originating(c('originating'));
signing works again.

Please fix this or create support article about proper DKIM configuration on macOS Server (or even better integrate this option into Server.app GUI).

Steps to Reproduce:
Configure amavisd to sign email using dkim. See configuration files in attachment.
=>
1. Generate DKIM key
mkdir -p /somedir/dkim 
chown _amavisd /somedir/dkim 
sudo -u _amavisd -H amavisd genrsa /somedir/domain.com 2048
chown root:_amavisd /somedir/domain.com.pem  
chmod 640 /somedir/domain.com.pem

2. Add lines:
dkim_key('domain.com', 'default', '/somedir/domain.com.pem');
@dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); 
$interface_policy{'10024'} = 'MYNETS';

3. Restart mail service

Expected Results:

DKIM signing should work.

Actual Results:

DKIM signing does not work until i patch amavisd as described in summary.

Version/Build:
Server 5.2
Server 5.3
Server 5.4

Configuration:
See configuration in attachment

Comments

Fixed in 5.6.1 Not sure about 5.5.

By michalm.mac at Oct. 26, 2018, 3:19 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!