giova...@paclan.it skrev den 2023-03-02 10:04:
On 3/1/23 14:30, Benny Pedersen wrote:
Henrik K skrev den 2023-03-01 10:28:
On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote:
I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. However, I don't see AuthRes plugin mention in .pre files nor in SA rules.
Because it's experimental and unfinished.

logic is aswell

why should spf pluging be enabled to test if arc chain pass spf ?

same problem with dkim imho

aslong forwarders insists on doing dkim sign and leave arc seal and arc sign :/

I have wip code to check if dkim passes from arc signatures and
integrate it into DMARC policies checks.

how ?, this code works without authres enabled as i see it

Return-Path: <dovecot-boun...@dovecot.org>
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on localhost.junc.eu
X-Spam-Level:
X-Spam-Status: No, score=-2.8 required=5.0 tests=ARC_SIGNED,ARC_VALID,AWL,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,
        HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
        RCVD_IN_MSPIKE_H2,RELAYCOUNTRY_BAD,RELAYCOUNTRY_GREY,SPF_HELO_PASS,
        SPF_PASS,UNPARSEABLE_RELAY autolearn=no autolearn_force=no
        version=4.0.0
X-Spam-Timing: total 1713 ms - parse: 1.94 (0.1%), b_tie_ro: 4.4 (0.3%),
        extract_message_metadata: 41 (2.4%), tests_pri_-10000: 7 (0.4%),
        compile_gen: 292 (17.1%), get_uri_detail_list: 3.4 (0.2%),
        tests_pri_-2000: 2.0 (0.1%), compile_eval: 27 (1.6%), tests_pri_-1000:
        1.77 (0.1%), tests_pri_-950: 1.21 (0.1%), tests_pri_-900: 1.29 (0.1%),
        tests_pri_-100: 892 (52.1%), dkim_load_modules: 34 (2.0%),
        check_dkim_signature: 540 (31.5%), poll_dns_idle: 827 (48.3%),
        check_spf: 64 (3.7%), tests_pri_-90: 1.41 (0.1%), tests_pri_0: 443
        (25.9%), tests_pri_500: 2.1 (0.1%), tests_pri_1000: 12 (0.7%),
        total_awl: 10 (0.6%), check_awl: 1.95 (0.1%), update_awl: 1.92 (0.1%),
        rewrite_mail: 0.00 (0.0%)

Content analysis details:   (-2.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [94.237.105.223 listed in wl.mailspike.net]
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
                            medium trust
                            [94.237.105.223 listed in list.dnswl.org]
-0.1 SPF_PASS               SPF: sender matches SPF record
-0.1 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.0 ARC_SIGNED             Message has a ARC signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
 0.0 ARC_VALID              Message has a valid ARC signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
                            domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 RELAYCOUNTRY_GREY      Relayed through at some point
 1.5 RELAYCOUNTRY_BAD       Relayed through at some point
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
-2.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                            manager
-0.1 DMARC_PASS             DMARC pass policy
0.0 AWL AWL: From: address is in the auto welcome-list

Authres plugin is needed to parse Arc signatures and pass the results
to DMARC plugin.

yes the magic can be done in dmarc where it belongs

authres is imho only for trusted arc signers, not for testing ARC_VALID or ARC_SIGNED

confirm it ?, the rules for authres does not work for me, but it seem it does for others ?, why ?

Reply via email to