Doing it the Lion way...
Actually there is a hidden built-in solution if you use amavisd, and you probably should. If you take a close look at /etc/amavisd.conf you will see that not only is there a built-in option, it is actually almost activated(!!!):
$enable_dkim_verification = 1; # enable DKIM signatures verification
$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key
There are a couple more things to do, though. First create the DKIM key:
amavisd genrsa /var/amavis/dkim_key
chmod 644 /var/amavis/dkim_key
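Note that this file is the private signing key and mode 644 makes it readable by every local user, so tighten the mode if the account amavisd runs as can still read the file. Then add something like the following to your /etc/amavisd.conf: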
dkim_key('example.com', 'mail', '/var/amavis/dkim_key');
@dkim_signature_options_bysender_maps = ( { '.' => { a => 'rsa-sha256', ttl => 30*24*3600, c => 'relaxed/relaxed' } } );
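If you google around you will find a lot more information on customizing this for your network(s).
amavisd signs only mail it considers locally originating, which by default means mail from clients listed in @mynetworks. If your server is not behind a firewall and you do not use a private network, then you need to add your client's IP to: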
@mynetworks = qw( 127.0.0.0/8......192.168.0.0/16 YOURIP/NET );
Time to set your DNS key, run:
amavisd showkeys
and add the output to your forward zone(s). If everything is set correctly, then run:
amavisd testkeys
and you should see a "pass" at the end of each domain key. The final step is to reload amavisd. Do not use "amavisd reload". You only have to kill the master process and it will restart in 10 sec. To find the process ID, use something like this:
ps aux | grep amavisd | grep master
kill "PID#"
Of course, you should have root access to do all of the above.
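Once amavisd is back up, the DKIM-Signature header of a test message should reflect the domain, selector and signature options set above. The following Python check is an added example, not part of the original post or of amavisd; it assumes amavisd expresses ttl as the difference between the x= and t= tags, and the sample header is constructed.

```python
import re

# Values from the configuration on this page.
EXPECTED = {"d": "example.com", "s": "mail",
            "a": "rsa-sha256", "c": "relaxed/relaxed"}
EXPECTED_TTL = 30 * 24 * 3600  # ttl option, in seconds

# Constructed sample header value (bh=/b= are dummy base64, not a real signature).
SAMPLE = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail;\r\n"
          "\tt=1700000000; x=1702592000; h=from:to:subject:date;\r\n"
          "\tbh=Y29uc3RydWN0ZWQ=;\r\n"
          "\tb=Y29uc3RydWN0\r\n\tZWQ=")

def parse_dkim_signature(value):
    """Parse an RFC 6376 tag=value list into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" not in part:
            continue  # empty segment after a trailing ';'
        name, val = part.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError("duplicate tag: " + name)  # RFC 6376 forbids duplicates
        # Whitespace inside the base64 of b= and bh= is not significant.
        tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
    return tags

def check_signature(value):
    """Return a list of mismatches against the page's settings (empty = OK)."""
    tags = parse_dkim_signature(value)
    problems = [f"{k}= is {tags.get(k)!r}, expected {v!r}"
                for k, v in EXPECTED.items() if tags.get(k) != v]
    # Assumption: amavisd writes ttl as the x= expiry, i.e. x - t == ttl.
    if "t" in tags and "x" in tags:
        lifetime = int(tags["x"]) - int(tags["t"])
        if lifetime != EXPECTED_TTL:
            problems.append(f"lifetime is {lifetime}s, expected {EXPECTED_TTL}s")
    else:
        problems.append("t= or x= missing, cannot confirm ttl")
    # A signature that does not cover From is invalid under RFC 6376.
    signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
    if "from" not in signed:
        problems.append("From is not listed in h=")
    return problems

if __name__ == "__main__":
    for line in check_signature(SAMPLE) or ["header matches the configured options"]:
        print(line)
```

Paste the header value from a received test message in place of SAMPLE; a mismatch on d= or s= usually means the sender domain did not match the dkim_key entry.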
Enjoy your DKIM signing Mac OS X mail server!
PS: Well done Apple for putting together the best unix tools around but please don't leave things almost done...