OpenDKIM SSL error:04091068:rsa routines:int_rsa_verify:bad signature
Whenever you run into an issue like that with OpenDKIM and Postfix in your
setup, make sure the header_checks directive does not reference something
like the following regex anywhere:
/^Mime-Version:/ IGNORE
This of course modifies the message before the DKIM check and will therefore make it fail.