Simon Wilson via users skrev den 2024-07-03 14:56:
> Do I also need to disable the normal SA DKIM plugin evaluation, i.e.
> trusting my upstream authres_trusted_authserv only?
both works in paralel, so no need to disable, best results came from
both enabled
its up to you to add more authres_trusted_authserv or more
authres_ignored_authserv lines
possible we can now have a very long debate on dmarc plugin ? :)
my question is does spamassassin dmarc plugin use authres results ?
- SA's DKIM plugin has failed a message so USER_IN_DKIM_WHITELIST tag will not
get assigned, and a +0.1 is added for a DKIM fail
- with AuthRes plugin installed, my trusted Authentication-Results header ‘DKIM
pass’ = -0.5 is applied
- yes, the -0.5 overrides the +0.1 from the false DKIM fail, but this does not
overcome the reason I wanted the sender in whitelist_auth - to overcome the FP
of their emails triggering a KAM rule
Ideally what I want is for authres.cf to combine:
header AUTHRES_DKIM_PASS eval:check_authres_result('dkim', 'pass')
with
header USER_IN_DKIM_WHITELIST eval:check_for_dkim_whitelist_from()
and generate -100 that the DKIM plugin assigns to a DKIM
pass/USER_IN_DKIM_WHITELIST entry.
…but I don't know how to do that properly. I can combine into a meta rule, but
that will call the existing DKIM plugin's subroutine to evaulate
USER_IN_DKIM_WHITELIST, and I'm not sure if that will work.
