~runxiyu/smlmp#2: 
Use Authentication-Results header

The Authentication-Results header is provided by many MTAs (such as Postfix with OpenDKIM). When such a header is found, it should be used, instead of the program attempting to use the dkimpy module to re-verify DKIM.

By default, OpenDKIM only adds Authentication-Results when the originating domain has a "signs all" policy. Add AlwaysAddARHeader yes to opendkim.conf to override this. However, note that Authentication-Results would NOT be added to mail sent by the MTA to a user on itself, since it'd be signing rather than verifying in its pass through OpenDKIM. In this case, the Authentication-Results header would be completely missing, rather than some variation of none or fail. Is it safe to assert that the email comes from our own server in this situation?

Status
REPORTED
Submitter
~runxiyu (unverified)
Assigned to
No-one
Submitted
1 year, 6 months ago
Updated
1 year, 6 months ago
Labels
No labels applied.