Matus UHLAR - fantomas:
this is more an issue of how milter itself operates.
the milter is supposed to see e-mail as it was received from (smtp) client -
even without Received: headers, just with other milters' modifications.
If SpamAssassin (SA from now) has to see Authentication-Results: headers
from other milter, the other milter must run before milter using SA
(spamass-milter, amavisd-milter, etc)
SA milter has to synthetize the Received: header it passsed with mail to
SpamAssassin. If it prepends Received: header (as expected), the
Authentication-Results: header(s) added by the former milter appear after
Received: and SA doesn't trust it.
...nobody sees the synthetized Received: header later, they see Received:
added by MTA, before Authentication-Results added by mentioned milter.
On 18.05.21 14:12, David Bürgin wrote:
Thank you, this is a good summary of the problem.
I want to add to this old thread, that last few changes fixed this problem.
When milter adds header, it can add it at position 0 which means before
MTA-added Received: header.
pull requests were submitted to put Authentication-Results in case of
OpenDKIM - https://github.com/trusteddomainproject/OpenDKIM/pull/126
OpenDMARC - https://github.com/trusteddomainproject/OpenDMARC/pull/171
and openARC - https://github.com/trusteddomainproject/OpenARC/pull/141
so hopefully, next releases will put headers at proper place.
I have patched OpenDKIM and OpenDMARC and can verify, that not only other
milters, but also later programs see Authentication-Results: at proper
place, so sendmail can trust them.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
