Configure postfix to DKIM-sign emails generated from the system

My web hosting server features a Postfix setup up and running. That postfix is also open with STARTTLS on port 587 for authorized users (only me, myself and I right now) to send emails to any domain after signing it with DKIM.

Every email I send via Outlook authenticating myself is fine. All DMARC reports display no error. The problem is when web applications send email via that Postfix.

Since I use Apache's mod-itk for PHP hosting, all emails are generated by [email protected] and submitted to Postfix via standard means (sendmail???).

But in that way they are not DKIM-signed. Consider the following:

$ mail [email protected]
Subject: Test DKIM
Hello
.
EOT

Port25 responded:

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: 

Postfix logs don't show dkimproxy interaction.

Before posting my configuration, let's repeat the situation and ask the question.

Currently, when I send an email via SMTP/TLS on port 587 it gets DKIM-signed. When a process on the server sends an email using mail command or PHP builtin mail function, the mail dorsn't get signed by dkimproxy.

The question is: how to sign every email coming from the server itself with dkimproxy?

Configuration is pasted to http://pastebin.ca/2374363. Please note that I have only dkimproxy.out enabled for the moment


You added dkim SIGNING to submission port only.

Postfix handles smtp separatly submission from pickup (mails submited by sendmail command are entering postfix via pickup)

In postfix You should use dkim milter in main.cf

smtpd_milters = inet:localhost:10027
non_smtpd_milters = inet:localhost:10027

First line is for SMTP submission (port 587)

Second line is for mails entering via pickup

One thing to note is that bounce messages and NDR reports generated internally by postfix will not be DKIM signed

Reference http://www.postfix.org/MILTER_README.html