Skip to content

Don't look for X-DKIM-Authentication-Results headers

meskio requested to merge meskio/bridgedb:remove_dkim_authentication_header into main

opendkim produces 'Authentication-Results' header to indicate if the dkim signature is valid, but nothing in our current infraestructure produces or reads X-DKIM-Authentication-Results. Check only for 'Authentication-Results' so an attacker will not be able to fake an email without really comming from an authorized provider.

Merge request reports