Mon, 06 Apr 2026 04:02:57 +0000 https://bugs.horde.org/ticket/14408 addReceivedHeader() interaction with SpamAssassin trustedpath Horde_Pear (2.9.5) Horde/Mime/Headers/Deprecated.php function addReceivedHeader() adds: Received from ... by ... (Horde Framework) with HTTP; ... if $_SERVER['HTTPS'] is "on" adds: Received from ... by ... (Horde Framework) with HTTPS; ... This is "correct" but Spamassassin doesnt recognize it as a authenticated user on trusted path and check message against all remote IP rules. Q&D workaround: diff /usr/share/pear/Horde/Mime/Headers/Deprecated.php.orig /usr/share/pear/Horde/Mime/Headers/Deprecated.php 146c146 < ($is_ssl ? 'S' : '') . '; ' . date('r') --- > ($is_ssl ? '' : '') . '; ' . date('r') I will open a similar bug on Spamassassin: diff /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm* 408c408 < if (/ by / && / with ((?:ES|L|UTF8S|UTF8L)MTPS?A|ASMTP|HTTPU?)(?: |;|$)/i) { --- > if (/ by / && / with ((?:ES|L|UTF8S|UTF8L)MTPS?A|ASMTP|HTTP(S|U)?)(?: |;|$)/i) { Regards Valerio Pulese Wed, 22 Jun 2016 13:23:21 +0000 https://bugs.horde.org/ticket/14408#t90704 Michael, you introduced this, can you explain the rationale? Wed, 22 Jun 2016 14:19:23 +0000 https://bugs.horde.org/ticket/14408#t90705 > Michael, you introduced this, can you explain the rationale? Yes, it provides a more complete and accurate audit trail. This helps when the email in question must be shown to be transmitted in a secure manner. For example, email that contains protected health information covered by HIPAA must have an audit trail that shows completely secure transmission (a minimum of TLS security and if webmail is used, SSL is reqiured). Thu, 23 Jun 2016 22:02:54 +0000 https://bugs.horde.org/ticket/14408#t90707 So it's up to SpamAssassin to update their rules. Fri, 24 Jun 2016 09:25:41 +0000 https://bugs.horde.org/ticket/14408#t90711