Re: [Assp-user] Adding Authentication-Results header to ASSP?

[Thomas Eckardt]

ASSP never adds the "X-Original-Authentication-Results” header to outgoing 
mails.
ASSP never adds a DKIM signature to incoming mails. So it is impossible to 
protect a possible Authentication-Results header using DKIM.
Authentication-Results headers are insecure, as long as they are not 
signature protected. Without a signature protection, such headers can be 
added and removed elsewhere.
If configured, assp adds a ARC-signature to incoming and outgoing mails. 
This is the recommended way to provide authentication results to the local 
MTA and upstream servers. Eric, I saw your mail to the mailing-list was 
already ARC signed - so, what is the problem?


How ever - if you need to change the headers added by assp, have a look in 
to 'sub makeMyheader' in assp.pl -> the part after 

if (defined &CorrectASSPcfg::modMyHeader) {
....
}

In 'sub modMyHeader' in lib/CorrectASSPcfg.pm you can modify the content 
of $this->{myheader}.

Thomas





Von:    "Eric Germann via Assp-user" <assp-user@lists.sourceforge.net>
An:     "For Users of ASSP" <Assp-user@lists.sourceforge.net>
Kopie:  "Eric Germann" <ekgerm...@semperen.com>
Datum:  12.04.2022 20:03
Betreff:        [Assp-user] Adding Authentication-Results header to ASSP?



Am I missing some setting in ASSP for it to add the 
“Authentication-Results” header to an email passing thru?

It already adds "X-Original-Authentication-Results” to the email so it’s 
doing some validation of DKIM, DMARC, and ARC.

Thoughts?

---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Medium: https://ekgermann.medium.com 
Twitter: @ekgermann
Telegram || Signal || Skype || Phone +1 {dash} 419 {dash} 513 {dash} 0712

GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1






_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************




_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user