On 16 November 2022 19:14:37 UTC, Michael Peddemors via mailop <[email protected]> wrote:
>However, I do question "it must not be removed (even nor inspected its
>presence) on transport"
>
>If a server or relay realizes that it was incorrectly added, e.g. that in
>reality it isn't the final destination, it SHOULD remove it before passing it
>on. I would further state, that if a DKIM signature is added that includes
>Return-Path, that it be considered invalid. The question is, should that
>relay system then simply reject the message?

I started to write a reply, but then I realized that I cannot provide it until we precisely define server roles, as my reply becomes too complicated, with too many "but"s. I believe that you know that even an MSA is a relay, and it is a server too, and that MSAs have their own RFC, which, among other things, allows message modifications in some cases.

Technically a relay is any SMTP hop, but many of us here have a more complicated internal email flow with multiple hops in one or both directions (incoming/outgoing), some even from time to time introduce a third direction -- a loop :-D , but those internal relays can do relatively anything with a message, as I understand the RFC definitions as rules for public communication.

And when we try to specify exact roles, sooner or later we'll find that some scenario is missing. Thus only one right rule comes to my mind: "be strict in what you send out and be liberal with what you get in". In this case, ignore that header from the public net and remove/reject it from your clients.

With your DKIM question it is the same. The signer can be your client (customer), but it can be a foreign one, totally out of your control. Which one do you mean? Reject messages with that signature from your clients and ignore that from foreign ones. Of course, all of this doesn't affect SPAM filtering...

BTW, I checked exim's docs with regard to how it processes the Return-Path header, and I found that it deletes it from incoming messages by default (see the return_path_remove main option). IMO that default is wrong, but at least anyone can disable it. I do not know how other MTAs do it.

regards

-- 
Slavko
https://www.slavino.sk/
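
The policy described in the message above (ignore a Return-Path header, and DKIM signatures covering it, on mail from the public net; remove or reject on mail from your own clients), sketched as an added example that is not part of the original post. The function names, the choice to strip the bare header but reject the signed case, and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy

def dkim_signed_headers(sig_value):
    """Return the lower-cased header names listed in a DKIM-Signature h= tag."""
    unfolded = re.sub(r"\s+", "", sig_value)  # tag values may be folded
    for tag in unfolded.split(";"):
        name, _, value = tag.partition("=")
        if name == "h":
            return {h.lower() for h in value.split(":") if h}
    return set()

def apply_policy(raw, from_client):
    """Return (action, message_bytes); action is accept, strip or reject.

    from_client=True  -> submission by our own customer (strict side)
    from_client=False -> mail arriving from the public net (liberal side)
    """
    if not from_client:
        # Foreign signer or header: out of our control, so ignore it.
        return ("accept", raw)
    msg = message_from_bytes(raw, policy=policy.SMTP)
    signs_return_path = any(
        "return-path" in dkim_signed_headers(str(value))
        for value in msg.get_all("DKIM-Signature", [])
    )
    if signs_return_path:
        # Stripping the header would break the client's signature: reject.
        return ("reject", raw)
    if "Return-Path" in msg:
        del msg["Return-Path"]  # removes every occurrence
        return ("strip", msg.as_bytes())
    return ("accept", raw)

# Constructed sample messages (not taken from the thread).
BODY = b"From: a@example.org\r\nTo: b@example.net\r\nSubject: t\r\n\r\nbody\r\n"
PLAIN = b"Return-Path: <bounce@example.org>\r\n" + BODY
SIGNED = (b"Return-Path: <bounce@example.org>\r\n"
          b"DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;\r\n"
          b" h=From:To:Subject:Return-Path; bh=AAAA; b=BBBB\r\n" + BODY)

if __name__ == "__main__":
    for label, raw in (("plain", PLAIN), ("signed", SIGNED)):
        for from_client in (True, False):
            print(label, from_client, apply_policy(raw, from_client)[0])
```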
