* John Levine <jo...@taugh.com>:
> >IIRC there isn't at the moment. One thought that comes to mind immediately:
> >
> >If there were it should not be enabled by default or others will try to forge
> >the results. It should only be enabled if a "trust boundary"
> ><http://tools.ietf.org/html/rfc5451#section-1.2> has been established. The
> >documentation should mention that.
>
> You'd need to configure it to tell which authids to accept, perhaps
> defaulting to the host name of the machine SA is running on since
> that's a likely default for the authid.

Agreed. I think it would also - at the trust boundary - need a filter before
the DKIM/SPF verifier that adds the Authentication-Results: header. Its job
would be to remove any Authentication-Results: that claim to belong to one's
own ADMD.

From a bird's view it looks to me like this:

     +-------------+    +------------+     +------------+     +------------+
     | SMTP server |    | DKIM       |     |SpamAssassin|     |SMTP/LDA/...|
     |-------------|    |------------|     |------------|     |------------|
     | Filter      |    | Verify     |     |Use Auth-   |     |            |
+--->| Authenti-   |+-->| Add Auth-  |+--->|Res-Header  |+--->|            |
     | cation-Res  |    | Res-header |     |            |     |            |
     | Header      |    |            |     |            |     |            |
     +-------------+    +------------+     +------------+     +------------+

At least that's my understanding at the moment.

p@rick

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
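
The filter stage in the diagram above, sketched as an added example (not code from this thread, from SpamAssassin or from any milter): it drops every Authentication-Results field whose authserv-id (the "authid" discussed above) matches one of the local ADMD's configured ids, before the verifier adds its own. The function names, hostnames and sample message are constructed, and dropping fields whose authserv-id cannot be parsed is an assumption of this sketch.

```python
import re

_COMMENT = re.compile(r"\([^()]*\)")  # one innermost "(...)" comment

def authserv_id(value):
    """Return the lower-cased authserv-id of an Authentication-Results value, or None."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    while _COMMENT.search(unfolded):          # strip comments, innermost first
        unfolded = _COMMENT.sub(" ", unfolded)
    tokens = unfolded.split(";", 1)[0].split()
    return tokens[0].lower() if tokens else None

def strip_forged_authres(raw, local_authids):
    """Remove Authentication-Results fields claiming one of our own authserv-ids.

    Returns (filtered_message, removed_values). Field order is preserved.
    """
    local = {a.lower() for a in local_authids}
    head, sep, body = raw.partition("\r\n\r\n")
    fields = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += "\r\n" + line       # folded continuation line
        else:
            fields.append(line)
    kept, removed = [], []
    for field in fields:
        name, _, value = field.partition(":")
        if name.strip().lower() == "authentication-results":
            aid = authserv_id(value)
            if aid is None or aid in local:   # assumption: unparseable ids are dropped too
                removed.append(value.strip())
                continue
        kept.append(field)
    return "\r\n".join(kept) + sep + body, removed

# Constructed sample: two fields forge the local id, one comes from another ADMD.
SAMPLE = (
    "Received: from mail.sender.example by mx.example.org\r\n"
    "Authentication-Results: mx.example.org; dkim=pass header.d=bank.example\r\n"
    "Authentication-Results: (hi) MX.Example.ORG 1;\r\n\tspf=pass smtp.mailfrom=bank.example\r\n"
    "Authentication-Results: mx.other.example; spf=pass smtp.mailfrom=sender.example\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

if __name__ == "__main__":
    filtered, removed = strip_forged_authres(SAMPLE, {"mx.example.org"})
    print(filtered, removed, sep="\n")
```

The field from mx.other.example survives the filter; whether a consumer trusts it is decided by the list of accepted authids, not by this stage.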