Upcoming Release: feature Request

Mark Martinec Mark.Martinec+amavis at ijs.si
Thu Feb 18 16:21:14 CET 2016


Mark Martinec:
> AuthServID by itself is not good enough, such header field must also
> belong to a set of trusted fields. SpamAssassin solves the problem
> of determining which header fields can be trusted by settings
> trusted_networks / internal_networks / msa_networks.

Patrick Ben Koetter:
> How would you do that in a MILTER setup?

Right, you can't, as a milter adds its header before MTA gets
a chance to add its Received header field.


Andreas Schulze:
> don't agree...
> 
> A-R header are defined by RFC7001
> there is also a section about "Remove Existing Header Fields":
> http://tools.ietf.org/html/rfc7001#section-5
> replace "conforming MTA" by "conforming MILTER" while reading :-)

If a milter happens to be down there is noone to remove
these header fields. There is no distinction between
a milter-inserted AR field, and a case when a milter happens
to be down and such header field arrives from untrusted source.

Anyway, parsing AR field is nontrivial (think of all
places where CFWS can appear (with nested comments),
and a quoted-string (in a syntax of a 'value'), and
spanning results across multiple AR header fields.

Not likely to happen in the 2.11 release.

   Mark


More information about the amavis-users mailing list