Hello Mark,
I'm a little uncomfortable with the DKIM check implemented in amavis.
For unrelated reasons we use an spf-milter and opendkim-milter in
front of amavisd-milter.
So in the moment amavisd-milter get the message there are already two
A-R Header present.
Unfortunately amavisd-new could not "use" the results but has to
verify the DKIM signature again.
There is an option $enable_dkim_verification which could be 0.
In that case SA itself verify the DKIM signature but that fail for
large message
(larger the $sa_mail_body_size_limit) as they aren't fully visible to SA.
As a result we must do the DKIM validation twice which is a wast of
ressources.
Feature Request: Amavisd-new should recognise A-R header and use/trust them.
Assumption: the A-R header aren't present in an incoming message but
really added by a local milter.
The milter we use make sure present A-R header for a given AuthservID
*are* removed.
Andreas
