On 3/2/23 12:49, Benny Pedersen wrote:
giova...@paclan.it skrev den 2023-03-02 10:04:On 3/1/23 14:30, Benny Pedersen wrote:Henrik K skrev den 2023-03-01 10:28:On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote:I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. However, I don't see AuthRes plugin mention in .pre files nor in SA rules.Because it's experimental and unfinished.logic is aswell why should spf pluging be enabled to test if arc chain pass spf ? same problem with dkim imho aslong forwarders insists on doing dkim sign and leave arc seal and arc sign :/I have wip code to check if dkim passes from arc signatures and integrate it into DMARC policies checks.how ?, this code works without authres enabled as i see it
if DKIM fails but ARC passes DMARC policy could be overriden, this part doesn't work. In your case DMARC would pass even without ARC because DKIM is valid.
Return-Path: <dovecot-boun...@dovecot.org> X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on localhost.junc.eu X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=ARC_SIGNED,ARC_VALID,AWL, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H2,RELAYCOUNTRY_BAD,RELAYCOUNTRY_GREY,SPF_HELO_PASS, SPF_PASS,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=4.0.0 X-Spam-Timing: total 1713 ms - parse: 1.94 (0.1%), b_tie_ro: 4.4 (0.3%), extract_message_metadata: 41 (2.4%), tests_pri_-10000: 7 (0.4%), compile_gen: 292 (17.1%), get_uri_detail_list: 3.4 (0.2%), tests_pri_-2000: 2.0 (0.1%), compile_eval: 27 (1.6%), tests_pri_-1000: 1.77 (0.1%), tests_pri_-950: 1.21 (0.1%), tests_pri_-900: 1.29 (0.1%), tests_pri_-100: 892 (52.1%), dkim_load_modules: 34 (2.0%), check_dkim_signature: 540 (31.5%), poll_dns_idle: 827 (48.3%), check_spf: 64 (3.7%), tests_pri_-90: 1.41 (0.1%), tests_pri_0: 443 (25.9%), tests_pri_500: 2.1 (0.1%), tests_pri_1000: 12 (0.7%), total_awl: 10 (0.6%), check_awl: 1.95 (0.1%), update_awl: 1.92 (0.1%), rewrite_mail: 0.00 (0.0%) Content analysis details: (-2.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [94.237.105.223 listed in wl.mailspike.net] -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [94.237.105.223 listed in list.dnswl.org] -0.1 SPF_PASS SPF: sender matches SPF record -0.1 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 ARC_SIGNED Message has a ARC signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 ARC_VALID Message has a valid ARC signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 RELAYCOUNTRY_GREY Relayed through at some point 1.5 RELAYCOUNTRY_BAD Relayed through at some point 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines -2.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager -0.1 DMARC_PASS DMARC pass policy 0.0 AWL AWL: From: address is in the auto welcome-listAuthres plugin is needed to parse Arc signatures and pass the results to DMARC plugin.yes the magic can be done in dmarc where it belongs authres is imho only for trusted arc signers, not for testing ARC_VALID or ARC_SIGNED confirm it ?, the rules for authres does not work for me, but it seem it does for others ?, why ?
OpenPGP_signature
Description: OpenPGP digital signature
