I am running dkim-milter version 2.4.0 (with sendmail 8.14.1) and have noticed some strange behavior that I was not expecting.
 
After starting, it listens on tcp port 8891 as expected:
 
]# netstat -atunp | grep dkim
tcp        0      0 127.0.0.1:8891              0.0.0.0:*                   LISTEN      8536/dkim-filter

If I send a message that gets signed, there is no change to the ports it listens on.
 
If I receive a message that gets verified (in this case a msg without a signature), it starts listening on a random udp port:
 
]# netstat -atunp | grep dkim
tcp        0      0 127.0.0.1:8891              0.0.0.0:*                   LISTEN      8536/dkim-filter
udp        0      0 0.0.0.0:35969               0.0.0.0:*                               8536/dkim-filter
 
If it receives another message, the UDP port number that it listens on does not change. But if I restart the process, and it verifies another message, then it listens on a different udp port (which appears to increment).
 
]# netstat -atunp | grep dkim
tcp        0      0 127.0.0.1:8891              0.0.0.0:*                   LISTEN      8916/dkim-filter
udp        0      0 0.0.0.0:35971               0.0.0.0:*                               8916/dkim-filter
 
This is not causing any usability problems, but I do find it interesting. At one point, I was able to netstat the DNS query, and it was sent from a low-numbered udp port, not these high numbers that dkim-milter is listening on after a verify. Are there any concerns with this peculiar behavior?
 
Jason
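
An added example, not part of the original post: a short Python script that diffs two `netstat -atunp` snapshots for one program and reports which sockets appeared and how widely each is bound. The two snapshots are the outputs quoted in the post; the function names (`parse`, `exposure`, `new_sockets`) are hypothetical.

```python
import ipaddress

# Snapshots copied from the post: before and after a message is verified.
BEFORE = """\
tcp        0      0 127.0.0.1:8891              0.0.0.0:*                   LISTEN      8536/dkim-filter
"""
AFTER = """\
tcp        0      0 127.0.0.1:8891              0.0.0.0:*                   LISTEN      8536/dkim-filter
udp        0      0 0.0.0.0:35969               0.0.0.0:*                               8536/dkim-filter
"""

def parse(text, program):
    """Return {(proto, address, port, state)} for sockets owned by `program`."""
    sockets = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue
        # Last field is PID/Program name; skip rows owned by other programs.
        if f[-1].partition("/")[2] != program:
            continue
        # Unconnected UDP rows have an empty State column (6 fields, not 7).
        state = f[5] if len(f) == 7 else ""
        addr, _, port = f[3].rpartition(":")  # rpartition also handles ":::8891"
        sockets.add((f[0], addr, int(port), state))
    return sockets

def exposure(addr):
    """Classify how widely a local address is reachable."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "all interfaces"
    if ip.is_loopback:
        return "loopback only"
    return "single address"

def new_sockets(before, after, program):
    """Sockets present in `after` but not in `before`, with their exposure."""
    added = parse(after, program) - parse(before, program)
    return sorted((p, a, port, s, exposure(a)) for p, a, port, s in added)

if __name__ == "__main__":
    for proto, addr, port, state, scope in new_sockets(BEFORE, AFTER, "dkim-filter"):
        print(f"new {proto} socket {addr}:{port} state={state or '-'} bound to {scope}")
```

On a live host, the two snapshots would come from running `netstat -atunp` as root before and after the event of interest.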