From 19115cd2e435f2cdcdd44524c404263e64723eb7 Mon Sep 17 00:00:00 2001
From: Matt Simerson <matt@tnpi.net>
Date: Tue, 17 Dec 2013 14:13:51 -0800
Subject: [PATCH] move Auth-Results header to Original-Auth-Results

this was in a sub, commented out as a TODO to delete them. Instead of deleting, move the Authentication-Results header on incoming messages to the Original-A-R.
---
 lib/Qpsmtpd/SMTP.pm | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/lib/Qpsmtpd/SMTP.pm b/lib/Qpsmtpd/SMTP.pm
index 1589472..fe8e63e 100644
--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
@@ -23,7 +23,7 @@ use Net::DNS;
 
 # this is only good for forkserver
 # can't set these here, cause forkserver resets them
-#$SIG{ALRM} = sub { respond(421, "Game over pal, game over. You got a timeout; I just can't wait that long..."); exit };
+#$SIG{ALRM} = sub { respond(421, "timeout; I can't wait that long..."); exit };
 #$SIG{ALRM} = sub { warn "Connection Timed Out\n"; exit; };
 
 sub new {
@@ -818,17 +818,24 @@ sub authentication_results {
 sub clean_authentication_results {
     my $self = shift;
 
-# On messages received from the internet, we may want to remove
-# the Authentication-Results headers added by other MTAs, so our downstream
-# can trust the new A-R header we insert.
-# We do not want to invalidate DKIM signatures.
-# TODO: parse the DKIM signature(s) to see if A-R header is signed
-    return if $self->transaction->header->get('DKIM-Signature');
+# http://tools.ietf.org/html/draft-kucherawy-original-authres-00.html
 
-    my @headers = $self->transaction->header->get('Authentication-Results');
-    for ( my $i = 0; $i < scalar @headers; $i++ ) {
+# On messages received from the internet, move Authentication-Results headers
+# to Original-AR, so our downstream can trust the A-R header we insert.
+
+# TODO: Do not invalidate DKIM signatures.
+#   if $self->transaction->header->get('DKIM-Signature')
+#       Parse the DKIM signature(s)
+#       return if A-R header is signed;
+#   }
+
+    my @ar_headers = $self->transaction->header->get('Authentication-Results');
+    for ( my $i = 0; $i < scalar @ar_headers; $i++ ) {
         $self->transaction->header->delete('Authentication-Results', $i);
+        $self->transaction->header->add('Original-Authentication-Results', $ar_headers[$i]);
     }
+
+    $self->log(LOGDEBUG, "Authentication-Results moved to Original-Authentication-Results" );
 };
 
 sub received_line {