Simon Wilson via users skrev den 2024-07-03 09:48:
So I guess the question is why SA is not accepting a trusted header
with a DKIM pass recorded with the same mail path through the system?
I have no AuthRes settings set specifically in local.cf.
so add it :)
ifplugin Mail::SpamAssassin::Plugin::AuthRes
authres_networks all
authres_trusted_authserv mail.simonandkate.net
describe AUTHRES_ARC_FAIL Authentication-Results: has "arc=fail"
result
describe AUTHRES_ARC_NONE Authentication-Results: has "arc=none"
result
describe AUTHRES_ARC_PASS Authentication-Results: has "arc=pass"
result
header AUTHRES_ARC_FAIL eval:check_authres_result('arc', 'fail')
header AUTHRES_ARC_NONE eval:check_authres_result('arc', 'none')
header AUTHRES_ARC_PASS eval:check_authres_result('arc', 'pass')
score AUTHRES_ARC_FAIL 1.5
score AUTHRES_ARC_NONE 0.5
score AUTHRES_ARC_PASS -1.5
describe AUTHRES_ADSP_DISCARD Authentication-Results: has
"dkim-adsp=discard" result
describe AUTHRES_ADSP_FAIL Authentication-Results: has
"dkim-adsp=fail" result
describe AUTHRES_ADSP_NONE Authentication-Results: has
"dkim-adsp=nonr" result
describe AUTHRES_ADSP_NXDOMAIN Authentication-Results: has
"dkim-adsp=nxdomain" result
describe AUTHRES_ADSP_PASS Authentication-Results: has
"dkim-adsp=pass" result
describe AUTHRES_ADSP_PERMERROR Authentication-Results: has
"dkim-adsp=permerror" result
describe AUTHRES_ADSP_TEMPERROR Authentication-Results: has
"dkim-adsp=temperror" result
describe AUTHRES_ADSP_UNKNOWN Authentication-Results: has
"dkim-adsp=unknown" result
header AUTHRES_ADSP_DISCARD eval:check_authres_result('dkim-adsp',
'discard')
header AUTHRES_ADSP_FAIL eval:check_authres_result('dkim-adsp',
'fail')
header AUTHRES_ADSP_NONE eval:check_authres_result('dkim-adsp',
'none')
header AUTHRES_ADSP_NXDOMAIN eval:check_authres_result('dkim-adsp',
'nxdomain')
header AUTHRES_ADSP_PASS eval:check_authres_result('dkim-adsp',
'pass')
header AUTHRES_ADSP_PERMERROR eval:check_authres_result('dkim-adsp',
'permerror')
header AUTHRES_ADSP_TEMPERROR eval:check_authres_result('dkim-adsp',
'temperror')
header AUTHRES_ADSP_UNKNOWN eval:check_authres_result('dkim-adsp',
'unknown')
score AUTHRES_ADSP_DISCARD 1.5
score AUTHRES_ADSP_FAIL 0.5
score AUTHRES_ADSP_NONE 0.5
score AUTHRES_ADSP_NXDOMAIN 1.5
score AUTHRES_ADSP_PASS -0.5
score AUTHRES_ADSP_PERMERROR 0.5
score AUTHRES_ADSP_TEMPERROR 0.5
score AUTHRES_ADSP_UNKNOWN 0.5
describe AUTHRES_ATPS_FAIL Authentication-Results: has
"dkim-atps=fail" result
describe AUTHRES_ATPS_NEUTRAL Authentication-Results: has
"dkim-atps=neutral" result
describe AUTHRES_ATPS_NONE Authentication-Results: has
"dkim-atps=none" result
describe AUTHRES_ATPS_PASS Authentication-Results: has
"dkim-atps=pass" result
describe AUTHRES_ATPS_PERMERROR Authentication-Results: has
"dkim-atps=permerror" result
describe AUTHRES_ATPS_TEMPERROR Authentication-Results: has
"dkim-atps=temperror" result
header AUTHRES_ATPS_FAIL eval:check_authres_result('dkim-atps',
'fail')
header AUTHRES_ATPS_NEUTRAL eval:check_authres_result('dkim-atps',
'neutral')
header AUTHRES_ATPS_NONE eval:check_authres_result('dkim-atps',
'none')
header AUTHRES_ATPS_PASS eval:check_authres_result('dkim-atps',
'pass')
header AUTHRES_ATPS_PERMERROR eval:check_authres_result('dkim-atps',
'permerror')
header AUTHRES_ATPS_TEMPERROR eval:check_authres_result('dkim-atps',
'temperror')
score AUTHRES_ATPS_FAIL 0.5
score AUTHRES_ATPS_NEUTRAL 0.5
score AUTHRES_ATPS_NONE 1.5
score AUTHRES_ATPS_PASS -1.5
score AUTHRES_ATPS_PERMERROR 0.5
score AUTHRES_ATPS_TEMPERROR 0.5
describe AUTHRES_DKIM_FAIL Authentication-Results: has "dkim=fail"
result
describe AUTHRES_DKIM_PASS Authentication-Results: has "dkim=pass"
result
describe AUTHRES_DKIM_NEUTRAL Authentication-Results: has
"dkim=neutral" result
describe AUTHRES_DKIM_NONE Authentication-Results: has "dkim=none"
result
describe AUTHRES_DKIM_POLICY Authentication-Results: has
"dkim=policy" result
describe AUTHRES_DKIM_PERMERROR Authentication-Results: has
"dkim=permerror" result
describe AUTHRES_DKIM_TEMPERROR Authentication-Results: has
"dkim=temperror" result
header AUTHRES_DKIM_FAIL eval:check_authres_result('dkim', 'fail')
header AUTHRES_DKIM_PASS eval:check_authres_result('dkim', 'pass')
header AUTHRES_DKIM_NEUTRAL eval:check_authres_result('dkim',
'neutral')
header AUTHRES_DKIM_NONE eval:check_authres_result('dkim', 'none')
header AUTHRES_DKIM_POLICY eval:check_authres_result('dkim',
'policy')
header AUTHRES_DKIM_PERMERROR eval:check_authres_result('dkim',
'permerror')
header AUTHRES_DKIM_TEMPERROR eval:check_authres_result('dkim',
'temperror')
score AUTHRES_DKIM_FAIL 0.5
score AUTHRES_DKIM_PASS -0.5
score AUTHRES_DKIM_NEUTRAL 0.5
score AUTHRES_DKIM_NONE 1.5
score AUTHRES_DKIM_POLICY -0.5
score AUTHRES_DKIM_PERMERROR 0.5
score AUTHRES_DKIM_TEMPERROR 0.5
describe AUTHRES_DMARC_BESTGUESSPASS Authentication-Results: has
"dmarc=bestguesspass" result
describe AUTHRES_DMARC_FAIL Authentication-Results: has "dmarc=fail"
result
describe AUTHRES_DMARC_PASS Authentication-Results: has "dmarc=pass"
result
describe AUTHRES_DMARC_NONE Authentication-Results: has "dmarc=none"
result
describe AUTHRES_DMARC_PERMERROR Authentication-Results: has
"dmarc=permerror" result
describe AUTHRES_DMARC_TEMPERROR Authentication-Results: has
"dmarc=temperror" result
header AUTHRES_DMARC_BESTGUESSPASS
eval:check_authres_result('dmarc', 'bestguesspass')
header AUTHRES_DMARC_FAIL eval:check_authres_result('dmarc', 'fail')
header AUTHRES_DMARC_PASS eval:check_authres_result('dmarc', 'pass')
header AUTHRES_DMARC_NONE eval:check_authres_result('dmarc', 'none')
header AUTHRES_DMARC_PERMERROR eval:check_authres_result('dmarc',
'permerror')
header AUTHRES_DMARC_TEMPERROR eval:check_authres_result('dmarc',
'temperror')
score AUTHRES_DMARC_BESTGUESSPASS -0.5
score AUTHRES_DMARC_FAIL 1.5
score AUTHRES_DMARC_PASS -0.5
score AUTHRES_DMARC_NONE 1.5
score AUTHRES_DMARC_PERMERROR 0.5
score AUTHRES_DMARC_TEMPERROR 0.5
describe AUTHRES_IPREV_FAIL Authentication-Results: has "iprev=fail"
result
describe AUTHRES_IPREV_PASS Authentication-Results: has "iprev=pass"
result
describe AUTHRES_IPREV_PERMERROR Authentication-Results: has
"iprev=permerror" result
describe AUTHRES_IPREV_TEMPERROR Authentication-Results: has
"iprev=temperror" result
header AUTHRES_IPREV_FAIL eval:check_authres_result('iprev', 'fail')
header AUTHRES_IPREV_PASS eval:check_authres_result('iprev', 'pass')
header AUTHRES_IPREV_PERMERROR eval:check_authres_result('iprev',
'permerror')
header AUTHRES_IPREV_TEMPERROR eval:check_authres_result('iprev',
'temperror')
score AUTHRES_IPREV_FAIL 1.5
score AUTHRES_IPREV_PASS -1.5
score AUTHRES_IPREV_PERMERROR 0.5
score AUTHRES_IPREV_TEMPERROR 0.5
describe AUTHRES_SPF_FAIL Authentication-Results: has "spf=fail"
result
describe AUTHRES_SPF_HARDFAIL Authentication-Results: has
"spf=hardfail" result
describe AUTHRES_SPF_NEUTRAL Authentication-Results: has
"spf=neutral" result
describe AUTHRES_SPF_NONE Authentication-Results: has "spf=none"
result
describe AUTHRES_SPF_PASS Authentication-Results: has "spf=pass"
result
describe AUTHRES_SPF_PERMERROR Authentication-Results: has
"spf=permerror" result
describe AUTHRES_SPF_POLICY Authentication-Results: has "spf=policy"
result
describe AUTHRES_SPF_SOFTFAIL Authentication-Results: has
"spf=softfail" result
describe AUTHRES_SPF_TEMPERROR Authentication-Results: has
"spf=temperror" result
header AUTHRES_SPF_FAIL eval:check_authres_result('spf', 'fail')
header AUTHRES_SPF_HARDFAIL eval:check_authres_result('spf',
'hardfail')
header AUTHRES_SPF_NEUTRAL eval:check_authres_result('spf',
'neutral')
header AUTHRES_SPF_NONE eval:check_authres_result('spf', 'none')
header AUTHRES_SPF_PASS eval:check_authres_result('spf', 'pass')
header AUTHRES_SPF_PERMERROR eval:check_authres_result('spf',
'permerror')
header AUTHRES_SPF_POLICY eval:check_authres_result('spf', 'policy')
header AUTHRES_SPF_SOFTFAIL eval:check_authres_result('spf',
'softfail')
header AUTHRES_SPF_TEMPERROR eval:check_authres_result('spf',
'temperror')
score AUTHRES_SPF_FAIL 1.5
score AUTHRES_SPF_HARDFAIL 2.5
score AUTHRES_SPF_NEUTRAL 0.5
score AUTHRES_SPF_NONE 2.5
score AUTHRES_SPF_PASS -0.5
score AUTHRES_SPF_PERMERROR 0.5
score AUTHRES_SPF_POLICY 0.5
score AUTHRES_SPF_SOFTFAIL 0.5
score AUTHRES_SPF_TEMPERROR 0.5
describe AUTHRES_VBR_FAIL Authentication-Results: has "vbr=fail"
result
describe AUTHRES_VBR_NONE Authentication-Results: has "vbr=none"
result
describe AUTHRES_VBR_PASS Authentication-Results: has "vbr=pass"
result
describe AUTHRES_VBR_PERMERROR Authentication-Results: has
"vbr=permerror" result
describe AUTHRES_VBR_TEMPERROR Authentication-Results: has
"vbr=temperror" result
header AUTHRES_VBR_FAIL eval:check_authres_result('vbr', 'fail')
header AUTHRES_VBR_NONE eval:check_authres_result('vbr', 'none')
header AUTHRES_VBR_PASS eval:check_authres_result('vbr', 'pass')
header AUTHRES_VBR_PERMERROR eval:check_authres_result('vbr',
'permerror')
header AUTHRES_VBR_TEMPERROR eval:check_authres_result('vbr',
'temperror')
score AUTHRES_VBR_FAIL 1.5
score AUTHRES_VBR_NONE 1.5
score AUTHRES_VBR_PASS -1.5
score AUTHRES_VBR_PERMERROR 0.5
score AUTHRES_VBR_TEMPERROR 0.5
describe AUTHRES_AUTH_FAIL Authentication-Results: has "auth=fail"
result
describe AUTHRES_AUTH_NONE Authentication-Results: has "auth=none"
result
describe AUTHRES_AUTH_PASS Authentication-Results: has "auth=pass"
result
describe AUTHRES_AUTH_PERMERROR Authentication-Results: has
"auth=permerror" result
describe AUTHRES_AUTH_TEMPERROR Authentication-Results: has
"auth=temperror" result
header AUTHRES_AUTH_FAIL eval:check_authres_result('auth', 'fail')
header AUTHRES_AUTH_NONE eval:check_authres_result('auth', 'none')
header AUTHRES_AUTH_PASS eval:check_authres_result('auth', 'pass')
header AUTHRES_AUTH_PERMERROR eval:check_authres_result('auth',
'permerror')
header AUTHRES_AUTH_TEMPERROR eval:check_authres_result('auth',
'temperror')
score AUTHRES_AUTH_FAIL 0.5
score AUTHRES_AUTH_NONE 0.5
score AUTHRES_AUTH_PASS -0.5
score AUTHRES_AUTH_PERMERROR 0.5
score AUTHRES_AUTH_TEMPERROR 0.5
describe AUTHRES_DNSWL_NONE Authentication-Results: has "dnswl=none"
result
describe AUTHRES_DNSWL_PASS Authentication-Results: has "dnswl=pass"
result
describe AUTHRES_DNSWL_PERMERROR Authentication-Results: has
"dnswl=permerror" result
describe AUTHRES_DNSWL_TEMPERROR Authentication-Results: has
"dnswl=temperror" result
header AUTHRES_DNSWL_NONE eval:check_authres_result('dnswl', 'none')
header AUTHRES_DNSWL_PASS eval:check_authres_result('dnswl', 'pass')
header AUTHRES_DNSWL_PERMERROR eval:check_authres_result('dnswl',
'permerror')
header AUTHRES_DNSWL_TEMPERROR eval:check_authres_result('dnswl',
'temperror')
score AUTHRES_DNSWL_NONE 1.5
score AUTHRES_DNSWL_PASS -1.5
score AUTHRES_DNSWL_PERMERROR 0.5
score AUTHRES_DNSWL_TEMPERROR 0.5
describe AUTHRES_DOMAINKEYS_FAIL Authentication-Results: has
"domainkey=fail" result
describe AUTHRES_DOMAINKEYS_NEUTRAL Authentication-Results: has
"domainkey=neutral" result
describe AUTHRES_DOMAINKEYS_NONE Authentication-Results: has
"domainkey=none" result
describe AUTHRES_DOMAINKEYS_PASS Authentication-Results: has
"domainkey=pass" result
describe AUTHRES_DOMAINKEYS_PERMERROR Authentication-Results: has
"domainkey=permerror" result
describe AUTHRES_DOMAINKEYS_POLICY Authentication-Results: has
"domainkey=policy" result
describe AUTHRES_DOMAINKEYS_TEMPERROR Authentication-Results: has
"domainkey=temperror" result
header AUTHRES_DOMAINKEYS_FAIL
eval:check_authres_result('domainkeys', 'fail')
header AUTHRES_DOMAINKEYS_NEUTRAL
eval:check_authres_result('domainkeys', 'neutral')
header AUTHRES_DOMAINKEYS_NONE
eval:check_authres_result('domainkeys', 'none')
header AUTHRES_DOMAINKEYS_PASS
eval:check_authres_result('domainkeys', 'pass')
header AUTHRES_DOMAINKEYS_PERMERROR
eval:check_authres_result('domainkeys', 'permerror')
header AUTHRES_DOMAINKEYS_POLICY
eval:check_authres_result('domainkeys', 'policy')
header AUTHRES_DOMAINKEYS_TEMPERROR
eval:check_authres_result('domainkeys', 'temperror')
score AUTHRES_DOMAINKEYS_FAIL 0.5
score AUTHRES_DOMAINKEYS_NEUTRAL 0.5
score AUTHRES_DOMAINKEYS_NONE 0.5
score AUTHRES_DOMAINKEYS_PASS -0.5
score AUTHRES_DOMAINKEYS_PERMERROR 0.5
score AUTHRES_DOMAINKEYS_POLICY 0.5
score AUTHRES_DOMAINKEYS_TEMPERROR 0.5
describe AUTHRES_RRVS_FAIL Authentication-Results: has "rrvs=fail"
result
describe AUTHRES_RRVS_NONE Authentication-Results: has "rrvs=none"
result
describe AUTHRES_RRVS_PASS Authentication-Results: has "rrvs=pass"
result
describe AUTHRES_RRVS_PERMERROR Authentication-Results: has
"rrvs=permerror" result
describe AUTHRES_RRVS_TEMPERROR Authentication-Results: has
"rrvs=temperror" result
describe AUTHRES_RRVS_UNKNOWN Authentication-Results: has
"rrvs=unknown" result
header AUTHRES_RRVS_FAIL eval:check_authres_result('rrvs', 'fail')
header AUTHRES_RRVS_NONE eval:check_authres_result('rrvs', 'none')
header AUTHRES_RRVS_PASS eval:check_authres_result('rrvs', 'pass')
header AUTHRES_RRVS_PERMERROR eval:check_authres_result('rrvs',
'permerror')
header AUTHRES_RRVS_TEMPERROR eval:check_authres_result('rrvs',
'temperror')
header AUTHRES_RRVS_UNKNOWN eval:check_authres_result('rrvs',
'unknown')
score AUTHRES_RRVS_FAIL 0.5
score AUTHRES_RRVS_NONE 0.5
score AUTHRES_RRVS_PASS -0.5
score AUTHRES_RRVS_PERMERROR 0.5
score AUTHRES_RRVS_TEMPERROR 0.5
score AUTHRES_RRVS_UNKNOWN 0.5
describe AUTHRES_SENDER_ID_FAIL Authentication-Results: has
"sender-id=fail" result
describe AUTHRES_SENDER_ID_HARDFAIL Authentication-Results: has
"sender-id=hardfail" result
describe AUTHRES_SENDER_ID_NEUTRAL Authentication-Results: has
"sender-id=neutral" result
describe AUTHRES_SENDER_ID_NONE Authentication-Results: has
"sender-id=none" result
describe AUTHRES_SENDER_ID_PASS Authentication-Results: has
"sender-id=pass" result
describe AUTHRES_SENDER_ID_PERMERROR Authentication-Results: has
"sender-id=permerror" result
describe AUTHRES_SENDER_ID_POLICY Authentication-Results: has
"sender-id=policy" result
describe AUTHRES_SENDER_ID_SOFTFAIL Authentication-Results: has
"sender-id=softfail" result
describe AUTHRES_SENDER_ID_TEMPERROR Authentication-Results: has
"sender-id=temperror" result
header AUTHRES_SENDER_ID_FAIL eval:check_authres_result('sender-id',
'fail')
header AUTHRES_SENDER_ID_HARDFAIL
eval:check_authres_result('sender-id', 'hardfail')
header AUTHRES_SENDER_ID_NEUTRAL
eval:check_authres_result('sender-id', 'neutral')
header AUTHRES_SENDER_ID_NONE eval:check_authres_result('sender-id',
'none')
header AUTHRES_SENDER_ID_PASS eval:check_authres_result('sender-id',
'pass')
header AUTHRES_SENDER_ID_PERMERROR
eval:check_authres_result('sender-id', 'permerror')
header AUTHRES_SENDER_ID_POLICY
eval:check_authres_result('sender-id', 'policy')
header AUTHRES_SENDER_ID_SOFTFAIL
eval:check_authres_result('sender-id', 'softfail')
header AUTHRES_SENDER_ID_TEMPERROR
eval:check_authres_result('sender-id', 'temperror')
score AUTHRES_SENDER_ID_FAIL 0.5
score AUTHRES_SENDER_ID_HARDFAIL 0.5
score AUTHRES_SENDER_ID_NEUTRAL 0.5
score AUTHRES_SENDER_ID_NONE 1.1
score AUTHRES_SENDER_ID_PASS -1.1
score AUTHRES_SENDER_ID_PERMERROR 0.5
score AUTHRES_SENDER_ID_POLICY 0.5
score AUTHRES_SENDER_ID_SOFTFAIL 0.5
score AUTHRES_SENDER_ID_TEMPERROR 0.5
describe AUTHRES_SMIME_FAIL Authentication-Results: has "smime=fail"
result
describe AUTHRES_SMIME_NEUTRAL Authentication-Results: has
"smime=neutral" result
describe AUTHRES_SMIME_NONE Authentication-Results: has "smime=none"
result
describe AUTHRES_SMIME_PASS Authentication-Results: has "smime=pass"
result
describe AUTHRES_SMIME_PERMERROR Authentication-Results: has
"smime=permerror" result
describe AUTHRES_SMIME_POLICY Authentication-Results: has
"smime=policy" result
describe AUTHRES_SMIME_TEMPERROR Authentication-Results: has
"smime=temperror" result
header AUTHRES_SMIME_FAIL eval:check_authres_result('smime', 'fail')
header AUTHRES_SMIME_NEUTRAL eval:check_authres_result('smime',
'neutral')
header AUTHRES_SMIME_NONE eval:check_authres_result('smime', 'none')
header AUTHRES_SMIME_PASS eval:check_authres_result('smime', 'pass')
header AUTHRES_SMIME_PERMERROR eval:check_authres_result('smime',
'permerror')
header AUTHRES_SMIME_POLICY eval:check_authres_result('smime',
'policy')
header AUTHRES_SMIME_TEMPERROR eval:check_authres_result('smime',
'temperror')
score AUTHRES_SMIME_FAIL 0.5
score AUTHRES_SMIME_NEUTRAL 0.5
score AUTHRES_SMIME_NONE 0.5
score AUTHRES_SMIME_PASS -1.5
score AUTHRES_SMIME_PERMERROR 0.5
score AUTHRES_SMIME_POLICY 0.5
score AUTHRES_SMIME_TEMPERROR 0.5
endif
hope it helps others, adjust scores as you need it
above works for me, i just have many more authres_trusted_authserv lines
