DKIM smtpd_milter before SA content-filter: still valid signing
I am a bit curious about this:
I run a smtpd_milter to sign mail via OpenDKIM. This happens
Next this signed mail goes through a Spamassassin content-filter, which
adds some X-Headers after-queue.
How can this mail still have a valid DKIM signature? Don't get me wrong,
that's what I want.
Both relaxed and simple header canonicalization algorithm seem to not
care about added X-Headers.
Is this by design? Or am I missing something in Postfix' architecture?