On 06/09/2011 11:06 AM, Mark Martinec wrote: > Benny, > >>> As a workaround, you may add some header rewrite rule to your MTA >>> which could rewrite a X-Spam-Flag to something else, like >>> X-X-Spam-Flag. >> >> will not give invalid dkim ? > > No, unless the X-Spam-Flag were signed, which is unlikely.
Even so, one could add (instead of rewriting) an X-X-Spam-Flag or X-Original-Spam-Flag or whatever, while leaving the X-Spam-Flag intact and in place. That way, even if for some reason the X-Spam-Flag were signed, DKIM would be unaffected. Or one could perform DKIM verification first [1], then re-write the header, then pass the mail to spamassassin. [1] using opendkim or dkim-filter or whatever. not sure if spamassassin will use that result or perform its own verification, but either way if the goal is to tag, so what if spamassassin also sees a DKIM failure. if humans want to know that it passed for whatever reason, the authentication-results header would still be there. -- Joe Sniderman <joseph.snider...@thoroquel.org>
