Am 21.12.25 um 00:31 schrieb Bill Cole:
SA knows nothing about Amavis and its configuration. SA can only process what it is given.
Hello Bill, Thomas Barth run a OpenDKIM verifier before checking the message with amavis. SA try again to verify the same DKIM signatures. This waste resources and fail by design for messages larger then Amavis' $sa_mail_body_size_limit OpenDKIM write A-R header conforming to RFC 7601 [1] Such header contain an Authentication Identifier (mx1.example.de in Thomas' case, see [2] for definition). OpenDKIM remove all existing A-R header with OpenDKIM's own Authentication Identifier [3] But every admin should verify that before apply any trust to them... Said that, my question: Is there a way to configure SA to not check DKIM signatures itself again but parse an existing A-R header from a given Authentication Identifier? Andreas [1] https://datatracker.ietf.org/doc/html/rfc7601 [2] https://datatracker.ietf.org/doc/html/rfc7601#section-2.5 [3] https://manpages.debian.org/trixie/opendkim/opendkim.conf.5.en.html#RemoveARFrom
