On 1 Apr 2021, at 22:07, Noel Butler wrote:
On 01/04/2021 23:10, Simon Wilson wrote:
Does SA always do its "own" DKIM check, or can it be told to use an
already written trusted AuthservId-written Authentication-Results
header, e.g. from OpenDKIM?
Not for DKIM, but by default the SPF plugin will use an
Authentication-Results (or Received-SPF) header written by an internal
host.
That would be dangerous on a few levels, completely open to fake
written headers, you could end up "trusting" a spammer
It isn't particularly difficult to discriminate between headers that
exist when a message arrives at the first internal machine and those
written afterwards. If you're aware of a way for a fake
Authentication-Results written by an external system to be treated as
internal by a properly configured SpamAssassin, please open a bug
report.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
