[Assp-test] DMARC record and DKIMcache (ASSP 2.8.2)

[Zrin <zri...@zi...>]

Hi Thomas,

does ASSP create DKIMcache entry for domains that have published a DMARC 
record (e.g. "v=DMARC1; p=none" under _dmarc.example.com) but do not 
have DKIM, i.e. there is no mail._domainkey.example.com?

It seems to me that it does that and that it later complains that the 
incoming e-mails from that domain do not have DKIM-Signature:

[scoring] DKIM domain mismatch - example.com found in DKIMCache, but no DKIM-Signature found in mail header (Cache)
Message-Score: added 25 (dkimValencePB) for DKIM domain mismatch - example.com found in DKIMCache, but no DKIM-Signature found in mail header, total score for this message is now 35
Message-Score: added -5 (spfpValencePB) for SPF pass, total score for this message is now 30
info: domain ziborski.net has published a DMARC record

Also, I've just noticed that ASSP checks and gives negative score for 
IP/HELLO for authenticated e-mail clients:

2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] <ASSP IP> [OIP: <client externel IP>]<fr...@ex...>  to:rec...@do...  Originating IP/HELO:  <client ext IP> / [192.168.xxx.xxx]
2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] <ASSP IP> [OIP: 212.17.78.158]<fr...@ex...>  to:rec...@do...  Message-Score: added 5 (fiphValencePB) for Suspicious HELO - contains IP: '[192.168.xxx.xxx]', total score for this message is now 5
2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] <ASSP IP> [OIP: 212.17.78.158]<fr...@ex...>  to:rec...@do...  [scoring] (Suspicious HELO - contains IP: '[192.168.xxx.xxx]')
2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] <ASSP IP> [OIP: 212.17.78.158]<fr...@ex...>  to:rec...@do...  Message-Score: added 5 (fiphmValencePB) for IP in HELO '[192.168.xxx.xxx]' does not match IP in connection '<client ext ip>' , total score for this message is now 10

It seems to me that this wasn't the case before update to 2.8.x (?)

Thank you in advance,
Zrin