Is there anything in RFC-2822 (or other RFC) that says that an MTA can't take those X-Spam headers that SpamAssassin so nicely put at the top of the message and move them to the bottom? Our MTA moves these headers and some others and I'm wondering if we have any basis for griping about it. It seems like this would break DomainKeys, but I don't see anything in 2822 that would prohibit this (as long as the Received: headers aren't rearranged).
> -----Original Message----- > From: Magnus Holmgren [mailto:[EMAIL PROTECTED] > Sent: Monday, June 12, 2006 10:08 AM > To: users@spamassassin.apache.org > Subject: Re: SA tags above header info > > On Monday 03 October 2005 18:14, Nix took the opportunity to write: > > On Sat, 1 Oct 2005, [EMAIL PROTECTED] stated: > > > Which begs the question I don't remember anybody asking: "What the > > > <censored> is "DomainKeys" and why should it experience a special > > > exception to sane ordering if header information with time of > > > application ordered message tags? > > > > It's a scheme whereby the headers get cryptographically signed, as a > > body, with a key derived from a DNS lookup; another anti-forgery > > scheme, like SPF, only hopefully more forwarding-friendly. > > > > The idea is that relays sign the headers from a given Received: line on > > down, thus validating the path a mail has taken without breaking the > > ability for further relays to add Received lines. So adding things > > above Received lines is safe: adding them below invalidates the DK > > signature. > > One remark I haven't seen yet is that the "DomainKey-Signature:" field can > include an "h" tag, which specifies which header fields are included in > the > signature. If that tag is included (and I think it usually is(?)) and > there > aren't already any X-Spam-* fields that have been signed, then it should > be > safe to add SA's header lines below, just like before. If the "h" tag > isn't > present, adding it shouldn't change the verfication status, but I don't > think > it's allowed. > > Always prepending SA's header lines clearly is the easiest thing to do. > > > (Yes, I think it looks ugly, too.) > > Me too, but it's probably just because I'm used to it. Always adding new > headers to the top has the additional benefit that it's easier to see > which > relay added what. > > -- > Magnus Holmgren [EMAIL PROTECTED] > (No Cc of list mail needed, thanks)
