> On Mar 31, 2021, at 18:23, Simon Wilson <si...@simonandkate.net> wrote:
>
>
>>
>>> ...if multiple milters are called are they run in order specified?
>>>
>>> smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893
>>
>> yes
>>
>>> I.e. in the example above if OpenDMARC is to see and trust an
>>> already-run OpenDKIM Authentication-Results header is the order of
>>> specifying the milters important?
>>
>> yes opendkim need to run before opendmarc, and if you have openarc place
>> that before opendkim, it can be messy if opendmarc checks openarc results,
>> remeber it also need to trust AR headers to be considered good info
>>
>> but i do not use milters self, only do all i need with fuglu
>
> Thanks again Benny. I have policyd-spf set to insert an AR header, and
> OpenDMARC set to trust the Authserv-Id added in Authentication-Results
> headers by policyd-spf and OpenDKIM. All working nicely and good to
> understand the sequence.
Please read CVE-2019-20790, and tell me you’ve found a way to tell PyPolicyd
not to trust the SMTP HELO to generate a passing AR header.
-Dan
>
> Simon.
>
> --
> Simon Wilson
> M: 0400 12 11 16
