On Monday 17 August 2009 11:50:53 Florian Sager wrote: > Correct, there is only a dependency on the results of the DKIM.pm module. > There are DKIM verifiers that add a "Authentication-Results" header to > an email, these results would suffice to request data from > dkim-reputation.org as well; duplicate DKIM checks (in a dkim proxy, in > amavisd, in spamassassin, ...) should be avoided (well, the public keys > for verification should be available in local DNS caches but anyway ...). > @Mark: several equal DKIM checks can be automatically avoided if admins > define trusted server-ids when configuring amavisd and/or spamassassin; > if there is a trusted Authentication-Results header the results are > copied to script internal DKIM result variables instead of running an > additional verification (?).
It would certainly be possible to take verification results from Authentication-Results header fields. I find it a bit tricky to reliably recognize/configure which Authentication-Results are genuinely inserted at our site and which are fake. Btw, starting with SpamAssassin 3.3.0 and amavisd-new-2.6.3 the DKIM verification is done only once, the SA plugin receives verification results through API (passing the Mail::DKIM::Signature objects) and does not call Mail::DKIM checking again. Mark