DKIM-Verify Background & Purpose




I became interested in DKIM and set up dkim-milter with Sendmail, the mail server software that runs on my mail server. I noticed two areas that the sendmail + dkim-milter solution did not cover completely:

  1. Mail that originates locally destined for local addresses (e.g. mail from a lotspeich.org e-mail address destined for a lotspeich.org e-mail address) is signed, but the signature is not verified.
  2. Mailing list software needs special consideration. In the standard sendmail + dkim-milter configuration, mail can get signed twice and not verified at all if the user and the list are on the same machine.

There are a number of possible solutions to this problem. One solution is to modify the MDA (e.g. procmail) to do DKIM verification. Another is to run multiple sendmail servers and multiple dkim-filter services in order to differentiate between the "sign" and "verify" phases of DKIM during the message delivery process.

I chose to tackle the problem from the MDA perspective. In order to enable the software to work both with procmail and with majordomo (though, theoretically, any MDA or mailing list software should work), I chose to write the program as a "wrapper". The wrapper program would receive the raw message, perform verification, insert the Authentication-Results header and execute the "real" MDA passing along the newly-verified message.
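The wrapper flow described above, as an added Python sketch (not dkim-verify's own source). The names `AUTHSERV_ID`, `stamp`, `deliver` and the `verify` hook are assumptions for illustration, and the DKIM check itself is left to the caller. The sketch goes one step beyond the text: before inserting its own Authentication-Results header it drops any existing one that already claims the local authserv-id, as RFC 8601 asks, so a sender cannot pre-load a forged "pass".

```python
import re
import subprocess
import sys

AUTHSERV_ID = b"mail.example.org"   # assumption: this host's authserv-id

def claims_local(field: bytes) -> bool:
    """True if field is an Authentication-Results header naming our authserv-id."""
    name, _, value = field.partition(b":")
    if name.strip().lower() != b"authentication-results":
        return False
    tokens = value.split(b";", 1)[0].split()   # split() also unfolds the field
    return bool(tokens) and tokens[0].lower() == AUTHSERV_ID

def stamp(raw: bytes, result: str, domain: str = "") -> bytes:
    """Drop forged local Authentication-Results fields, then add our own on top."""
    if not re.fullmatch(r"[a-z]+", result) or not re.fullmatch(r"[A-Za-z0-9.-]*", domain):
        raise ValueError("refusing to write unsafe value into a header")
    lines = raw.splitlines(keepends=True)
    eol = b"\r\n" if lines and lines[0].endswith(b"\r\n") else b"\n"
    fields, i = [], 0
    while i < len(lines) and lines[i].strip(b"\r\n"):   # stop at the blank line
        if lines[i][:1] in (b" ", b"\t") and fields:
            fields[-1] += lines[i]            # folded continuation line
        else:
            fields.append(lines[i])
        i += 1
    kept = [f for f in fields if not claims_local(f)]
    ours = b"Authentication-Results: " + AUTHSERV_ID + b"; dkim=" + result.encode()
    if domain:
        ours += b" header.d=" + domain.encode()
    # An mbox-style "From " envelope line, if present, must stay first.
    at = 1 if kept and kept[0].startswith(b"From ") else 0
    kept.insert(at, ours + eol)
    return b"".join(kept + lines[i:])

def deliver(raw: bytes, verify, mda_argv: list) -> int:
    """verify(raw) -> (result, domain) is the caller's DKIM check (hypothetical hook)."""
    result, domain = verify(raw)
    # Hand the stamped message to the real MDA and pass its exit status back.
    return subprocess.run(mda_argv, input=stamp(raw, result, domain)).returncode

if __name__ == "__main__":
    # Constructed message carrying a forged local result; "cat" stands in for the MDA.
    msg = b"Authentication-Results: mail.example.org; dkim=pass\nFrom: a@example.org\n\nhi\n"
    sys.exit(deliver(msg, lambda raw: ("fail", "example.org"), ["cat"]))
```

Returning the MDA's exit status unchanged lets the MTA still see a temporary or permanent delivery failure from the wrapped program.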

This initial version of dkim-verify is very "rough around the edges". So far, it is working great in my environment for its intended purpose (verification of locally-delivered mail and mail sent via majordomo). This initial release comes nowhere near the level of feature completeness or configuration options of the excellent dkim-milter. In my experience, dkim-verify seems to be robust and reliable; there very well may be bugs that cause problems on other systems. The build is simple and Makefile-based.

