The X-Bogosity header is written at the end of the message headers in the write_message method of passthrough.c.
DomainKeys and DKIM are anti-spoofing technologies that add a cyptographic signaure of a hash of the the entire email message after the DomainKey-Signature or DKIM-Signature line, including email headers. If any headers are added after after one of these lines, it will spoil the signature and invalidate the spoof protection of these technologies.
Bogofilter should be modified to inject the X-Bogosity header before any DomainKeys-Signature or DKIM-Signature line that exists in the message.
Log in to post a comment.