David Bürgin:
> David Bürgin:
> > Bother. I think I will try to modify my SpamAssassin milter, so that it
> > will add a synthetic ‘internal’ Received header right after the
> > Authentication-Results headers … that should trick SpamAssassin into
> > recognising them as internal.
>
> Here’s the plan to address this in SpamAssassin Milter
> (https://crates.io/crates/spamassassin-milter): Add an option that takes
> a regular expression which matches headers *after which* the synthetic
> ‘internal’ Received header should be inserted.
For those following along, I have added a new experimental option to my
SpamAssassin milter implementation. Here’s the documentation:
--synth-relay POS
Synthesize the internal relay header after position POS. POS may
be either an integer, in which case the relay header will be in‐
serted after skipping POS header lines, or a regular expression,
in which case the relay header will be inserted after skipping all
header lines matching POS. This option is useful in situations
where the default position of the synthesized internal relay
header (the MTA’s Received header, https://cwiki.apache.org/con‐
fluence/display/SPAMASSASSIN/TrustedRelays) at the very beginning
of the message header is not appropriate. For example, when other
milters insert Authentication-Results headers for SpamAssassin to
consume, SpamAssassin will not trust these headers unless they ap‐
pear before the internal relay header; in this case setting POS to
“^(?i)authentication-results:” achieves proper placement of the
relay header after such header lines.
Now, using the following setting I should get SpamAssassin to reuse
Authentication-Results provided by SPF Milter:
--synth-relay '^(?i)authentication-results: *mail\.gluet\.ch;'
And here we go:
May 21 19:08:21 mail spf-milter[42418]: mxout1-he-de.apache.org (helo): pass
May 21 19:08:21 mail spf-milter[42418]:
users-return-124577-dbuergin=gluet...@spamassassin.apache.org (mailfrom): pass
May 21 19:08:21 mail spf-milter[42418]: E87B4400D309: adding
Authentication-Results header
May 21 19:08:21 mail spf-milter[42418]: E87B4400D309: Authentication-Results:
mail.gluet.ch; spf=pass smtp.helo=mxout1-he-de.apache.org
May 21 19:08:21 mail spf-milter[42418]: E87B4400D309: adding
Authentication-Results header
May 21 19:08:21 mail spf-milter[42418]: E87B4400D309: Authentication-Results:
mail.gluet.ch; spf=pass smtp.mailfrom=spamassassin.apache.org
May 21 19:08:22 mail spamassassin-milter[55644]: E87B4400D309: inserting
synthetic relay header at index 4
May 21 19:08:22 mail spamd[56256]: spf: checking to see if the message has a
Received-SPF header that we can use
May 21 19:08:22 mail spamd[56256]: spf: found an Authentication-Results header
added by an internal host: Authentication-Results: mail.gluet.ch; spf=pass
smtp.helo=mxout1-he-de.apache.org
May 21 19:08:22 mail spamd[56256]: spf: re-using helo result from
Authentication-Results header: pass
May 21 19:08:22 mail spamd[56256]: spf: found an Authentication-Results header
added by an internal host: Authentication-Results: mail.gluet.ch; spf=pass
smtp.mailfrom=spamassassin.apache.org
May 21 19:08:22 mail spamd[56256]: spf: re-using mfrom result from
Authentication-Results header: pass
Success! For now I’m keeping this on a separate branch. Don’t know if it
feels too hacky to keep, feedback welcome. I would prefer if this could
be solved in SpamAssassin (bug 6918).
Ciao,
David
