On Mon, Oct 11, 2021 at 08:10:05AM +0000, Kai KRETSCHMANN wrote: > The monitoring rspamd now has no chance to see in the latest Received > header in the connection was received TLS encrpyted or plain text.
If the goal is to leave a forensic trace, then it may be simpler to add an optional list of trace key/value pairs to XCLIENT, which the receiving MTA can choose to add to the message Received header. https://www.rfc-editor.org/rfc/rfc8314.html#section-7.4 While I'd have preferred a slightly different definition of these elements, they're probably sufficient for the needs above. -- Viktor.