Re: [exim] sa exim headers: Do they break DKIM

On Sat, 2008-11-01 at 16:56 -0700, Shane W wrote:
> I just finished setting up DKIM on some of our domains
> which signs an email when it goes out. However, one thing
> I'm not sure about is when scanning in the exim ACLs using
> SA Exim, it's adding various x-spam headers but it's
> dropping them at the bottom of the message after the DKIM
> signature header which unless I am off base would render
> the signature invalid.

why do you think that? DKIM doesn't care about ordering, except when
the same header field name is used several times. your X-Spam headers
should use a site specific name, e.g., X-CSY-Spam, to make this less
likely to happen. (you will also fail verification if someone has
signed the same header field you add, another reason to use a "unique"
header field name.)

> Shouldn't the x-spam headers go above the Received header
> which our server adds? That way it is clear to a user
> which machine in the relay path is adding the spam scores?

I would say "no", since "X-Spam" isn't a standardised trace field.
ideally I think you should remove your spam headers when passing the
message on, it is seldom useful to others and only contribute to
bloating up the header.

--
regards,
Kjetil T.