https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7224
--- Comment #6 from Alessandro Vesely <[email protected]> ---

> Anyone been running with this patch in production for a while
> to test it in the real world?

Oops, not me.  My patched version must have been overwritten during some
system upgrade.

> The before and after attachments seem to be drastically different

Yes, the ``split("\n", scanner->get'' approach assumes Received-SPF headers
stay in a single line.  Since the header field is rather longish, and the
standard used to impose 78-char limits, Received-SPF: are customarily folded
into several lines.  Of course, only the first line contains the header field
name "Received-SPF".  See "Long Header Fields" in the standard:
https://tools.ietf.org/html/rfc5322#section-2.2.3

The existing code catches only the SPF result ($1), only in the vast majority
of cases.  The code looking for identity ($2) tag won't usually act.  For
Authentication-Results: header fields, the most common habit is to fold after
each semicolon, so the likelihood of catching an SPF result that way is very
low.

An alternative, and more general way to fix this flaw is to equip the scanner
object with a method to retrieve unfolded header fields.  Unfolding is the
purpose of the substitution ``s/\n\n\s+/ /sg'', in the patch.  In that
respect, the presence of two consecutive line feeds should be considered a bug
in its own right, since only a single line feed is present in either folding
white space (FWS) or between consecutive header fields.

In the same respect, since Authentication-Results: is a generic header field
used also by other authentication methods (such as DKIM and DMARC) it should
be parsed once.  My understanding is that the SA plugins which deal with those
protocols are lagging in a useless state limbo.  In fact, the way email
authentication is currently deployed makes it relevant only to giant mailbox
providers, who have such a wide user base that they can keep reliable
statistics about identified actors.  The rest of us have not yet understood
how to use SPF and DKIM results.

Ale

-- 
You are receiving this mail because:
You are the assignee for the bug.
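
The folding problem described in the comment above, as an added example that is not part of the original comment, the attached patch, or SpamAssassin's code. The header block is constructed, and `unfold`, `scan` and both patterns are hypothetical names and regexes chosen for illustration; unfolding follows RFC 5322 section 2.2.3 (drop a line break that is immediately followed by white space).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample header block, folded the way the comment describes.
my $raw = <<'EOT';
Received-SPF: pass (mx.example.net: domain of alice@example.org designates
 192.0.2.10 as permitted sender) client-ip=192.0.2.10;
 envelope-from=alice@example.org; identity=mailfrom
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org
Subject: constructed sample
EOT

# Hypothetical patterns for illustration (not the plugin's own regexes).
my $rx_spf = qr/^Received-SPF:\s*(pass|neutral|(?:soft)?fail|none|temperror|permerror)\b(?:.*\bidentity=(\w+))?/i;
my $rx_ar  = qr/^Authentication-Results:.*?\bspf=(\w+)/i;

# Unfold: remove every line break that is followed by a space or tab,
# keeping the white space itself so tokens stay separated.
sub unfold {
    my ($text) = @_;
    $text =~ s/\r?\n(?=[ \t])//g;
    return $text;
}

# Match header fields one physical line at a time, as split("\n", ...) does.
sub scan {
    my ($text) = @_;
    my %found;
    for my $line (split /\r?\n/, $text) {
        if ($line =~ $rx_spf) {
            $found{result}   = lc $1;
            $found{identity} = lc $2 if defined $2;
        }
        elsif ($line =~ $rx_ar) {
            $found{ar_spf} = lc $1;
        }
    }
    return \%found;
}

for my $case ([ 'line by line' => $raw ], [ 'unfolded first' => unfold($raw) ]) {
    my ($label, $text) = @$case;
    my $f = scan($text);
    printf "%-15s result=%s identity=%s ar_spf=%s\n", $label,
        $f->{result} // '(missed)', $f->{identity} // '(missed)', $f->{ar_spf} // '(missed)';
}
```

On the folded input only the Received-SPF result is found, because it sits on the first physical line; the identity tag and the Authentication-Results spf= result are found only after unfolding.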
