On 10-Jul-06, at 9:16 PM, Daryl C. W. O'Shea wrote:
Snip, snip and more snip. Thanks for all that good info.
I see from the header in the message you sent that you have deployed DKIM. I'm hoping to do that as well but not for a while yet. Do similar problems arise with DKIM and SA as we've discussed here with SPF?DKIM doesn't rely on any defined set of relays. It uses the envelope sender (usually just the domain) and the signature found in the headers.
Someday I'll have some time to play with this and get a better understanding of DKIM.
Also note that SPF isn't the only thing suffering from your trust path issues, it's just a symptom you've noticed. You'll also currently be doing dynablock checks against users you'd rather not be, along with a whole slew of other tests that will FP when SA thinks it's testing mail from some random system/zombie and not an authenticated user.
So what you're saying is that I'm better off not scanning authenticated users. I'll take your word on that.
Let me know if you're running Postfix 2.3 and can enable the auth headers in your config. I'll probably get to making a patch tonight as long as the rain doesn't stop and I don't get distracted by the big stash of fireworks I've accumulated. :)
Well I'm running Postfix v2.1.3 (standard in OS X Server 10.4.x.) I'm waiting until Apple previews OS X 10.5 in August to see whether 10.5 includes Postfix v2.3. If not than I may do the upgrade myself in 10.4.
Since SA is being called by Amavisd-new shouldn't the changes to ignore authenticated user happen there? I think I read that somewhere, maybe the Amavis mailing list. That's the problem with being subscribed to all these lists. They all start to run into each other in your head. Off to the archives I go.
BIG STASH OF FIREWORKS! Boy I'm glad you don't live in my neighbourhood. :-O
Daryl
-- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6 T: 416-247-7740 F: 416-247-7503
smime.p7s
Description: S/MIME cryptographic signature
