Posted to commits@spamassassin.apache.org by he...@apache.org on 2018/11/12 17:09:35 UTC
svn commit: r1846448 -
/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/AuthRes.pm
Author: hege
Date: Mon Nov 12 17:09:35 2018
New Revision: 1846448
URL: http://svn.apache.org/viewvc?rev=1846448&view=rev
Log:
Clarify documentation, recommend authres_networks all / authres_trusted_authserv combo.
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/AuthRes.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/AuthRes.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/AuthRes.pm?rev=1846448&r1=1846447&r2=1846448&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/AuthRes.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/AuthRes.pm Mon Nov 12 17:09:35 2018
@@ -25,6 +25,9 @@ Mail::SpamAssassin::Plugin::AuthRes - us
loadplugin Mail::SpamAssassin::Plugin::AuthRes
+authres_trusted_authserv myserv.example.com
+authres_networks all
+
=head1 DESCRIPTION
This plugin parses Authentication-Results header fields and can supply the
@@ -112,16 +115,18 @@ sub set_config {
Process Authenticated-Results headers set by servers from these networks
(refers to SpamAssassin *_networks zones). Any header outside this is
-completely ignored and affects any module settings.
+completely ignored (affects all module settings).
internal = internal_networks
trusted = internal_networks + trusted_networks
all = all above + all external
-Setting "all" makes sense only if your MX servers filter properly all
-incoming A-R headers. Even then it might be safer to just extend SA
-trusted_networks to any external servers whose A-R you want to see, and use
-the "trusted" setting.
+Setting "all" is safe only if your MX servers filter properly all incoming
+A-R headers, and you use authres_trusted_authserv to match your authserv-id.
+This is suitable for default OpenDKIM for example. These settings might
+also be required if your filters do not insert A-R header to correct
+position above the internal Received header (some known offenders: OpenDKIM,
+OpenDMARC, amavisd-milter).
=cut
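Review bot: The new sentence `Setting "all" is safe only if your MX servers filter properly all incoming A-R headers` does not say what filtering is required, and the whole recommendation rests on that condition. An authserv-id is plain text in the header, so matching it with authres_trusted_authserv only means something if the border MTA removes inbound Authentication-Results fields that already carry your own id (RFC 8601 section 5). I would add a sentence such as `"Filtering" here means your MX removes any incoming A-R header that claims your own authserv-id before your filter adds its own.` The same caveat deserves a one-line comment next to `authres_networks all` in the SYNOPSIS hunk above, because that example will be copied without the surrounding text.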
@@ -144,17 +149,21 @@ the "trusted" setting.
}
});
-=item authres_ignored_authserv authservid1 id2 ... (default: none)
+=item authres_trusted_authserv authservid1 id2 ... (default: none)
-Ignored authentication server IDs (the domain-name-like first word of
+Trusted authentication server IDs (the domain-name-like first word of
Authentication-Results field, also known as C<authserv-id>).
-Any A-R header is ignored if match is found.
+Note that if set, ALL A-R headers are ignored unless a match is found.
+
+Use strongly recommended, possibly along with authres_networks all.
+
+=back
=cut
push (@cmds, {
- setting => 'authres_ignored_authserv',
+ setting => 'authres_trusted_authserv',
is_admin => 1,
default => {},
type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
@@ -164,24 +173,25 @@ Any A-R header is ignored if match is fo
return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
}
foreach my $id (split(/\s+/, lc $value)) {
- $self->{authres_ignored_authserv}->{$id} = 1;
+ $self->{authres_trusted_authserv}->{$id} = 1;
}
}
});
-=item authres_trusted_authserv authservid1 id2 ... (default: none)
+ $conf->{parser}->register_commands(\@cmds);
+}
-Trusted authentication server IDs (the domain-name-like first word of
-Authentication-Results field, also known as C<authserv-id>).
+=item authres_ignored_authserv authservid1 id2 ... (default: none)
-Note that if set, ALL A-R headers are ignored unless a match is found.
+Ignored authentication server IDs (the domain-name-like first word of
+Authentication-Results field, also known as C<authserv-id>).
-=back
+Any A-R header is ignored if match is found.
=cut
push (@cmds, {
- setting => 'authres_trusted_authserv',
+ setting => 'authres_ignored_authserv',
is_admin => 1,
default => {},
type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
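Review bot: On the new side, `$conf->{parser}->register_commands(\@cmds);` and the closing `}` of set_config now come before the authres_ignored_authserv block, so the `push (@cmds, {` for that setting sits after the sub has ended. If @cmds is a lexical declared inside set_config (the declaration is outside these hunks), that push is either a strict-mode compile error or is never registered, and authres_ignored_authserv stops being a recognised setting. The last hunk removes the two lines from their old position after the ignored block; they should stay there, with `$conf->{parser}->register_commands(\@cmds);` and `}` as the final code lines before `=head1 METADATA`. Likewise, the `=back` added after the authres_trusted_authserv text closes the POD list before `=item authres_ignored_authserv`; it belongs after the last item.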
@@ -191,14 +201,11 @@ Note that if set, ALL A-R headers are ig
return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
}
foreach my $id (split(/\s+/, lc $value)) {
- $self->{authres_trusted_authserv}->{$id} = 1;
+ $self->{authres_ignored_authserv}->{$id} = 1;
}
}
});
- $conf->{parser}->register_commands(\@cmds);
-}
-
=head1 METADATA
Parsed headers are stored in $pms-E<gt>{authres_parsed}, as a hash of array