Simon Wilson via users skrev den 2024-07-03 14:56: > Do I also need to disable the normal SA DKIM plugin evaluation, i.e. > trusting my upstream authres_trusted_authserv only?
both works in paralel, so no need to disable, best results came from both enabled its up to you to add more authres_trusted_authserv or more authres_ignored_authserv lines possible we can now have a very long debate on dmarc plugin ? :) my question is does spamassassin dmarc plugin use authres results ? - SA's DKIM plugin has failed a message so USER_IN_DKIM_WHITELIST tag will not get assigned, and a +0.1 is added for a DKIM fail - with AuthRes plugin installed, my trusted Authentication-Results header ‘DKIM pass’ = -0.5 is applied - yes, the -0.5 overrides the +0.1 from the false DKIM fail, but this does not overcome the reason I wanted the sender in whitelist_auth - to overcome the FP of their emails triggering a KAM rule Ideally what I want is for authres.cf to combine: header AUTHRES_DKIM_PASS eval:check_authres_result('dkim', 'pass') with header USER_IN_DKIM_WHITELIST eval:check_for_dkim_whitelist_from() and generate -100 that the DKIM plugin assigns to a DKIM pass/USER_IN_DKIM_WHITELIST entry. …but I don't know how to do that properly. I can combine into a meta rule, but that will call the existing DKIM plugin's subroutine to evaulate USER_IN_DKIM_WHITELIST, and I'm not sure if that will work. OK, I have done the following and it seems to be working, but will take guidance on if this is going to have unexpected consequences from my ignorance… - removed the SA DKIM plugin from loading - Authres plugin working and trusting my own mail server's auth tests (including DKIM) - created a meta rule: ## Whitelist Wasabi, subject to passing of auth header __LR_FROM_WASABI From =~ /support\@wasabi\.com/i meta LR_WASABI_AUTH (__LR_FROM_WASABI && AUTHRES_DKIM_PASS && AUTHRES_SPF_PASS) score LR_WASABI_AUTH -100 This now scores the Wasabi emails OK. Please feel free to tell me if this was a really bad plan :) Simon