Hello everyone, I need to DKIM sign possibly huge emails (up to 150MB).
Conceptually DKIM needs to go over the email twice: once to calculate and sign the checksum and once to write it out with the result of the previous step in the headers.¹ A DKIM signer can do this by either keeping the message in memory (a no-go for me) or write it to a file. For the task at hand I want to use a Postfix (filter) mechanism that allows me to do that without keeping the message in memory and without having it written to disc twice! So far I see that the after-queue content filter mechanism (FILTER_README) forces you to write the email to disc again. (And for no good reason, unfortunately: pipe should pass a read-only file descriptor of the queue file to filter’s stdin. The filter can use lseek() on that.) The alternative, the before-queue milter (MILTER_README), is insufficiently documented for me to see if it avoids keeping the message in memory and avoids writing the original mail to file twice. – Maybe some expert here knows if the milter API can avoid that and if both milter sides, i.e. Postfix and e.g. opendkim indeed do avoid these pitfalls. Regards, Robert :-) ¹ ...as POSIX file systems have no prepend operation
