opendkim/final.lua: also strip Authentication-Results Header

Refactor DKIM-Header-Pruning into a  "if valid-else" construct with a single "return nil" at the end

cmdeploy/src/cmdeploy/opendkim/final.lua

@@ -34,6 +34,15 @@ if valid then
 	for i = nsigs, 1, -1 do
 		odkim.del_header(ctx, "DKIM-Signature", i)
 	end
+
+	-- Delete first and presumably only occurence
+        odkim.del_header(ctx, "Authentication-Results", 0)  
+else
+	odkim.set_reply(ctx, "554", "5.7.1", "No valid DKIM signature found")
+	-- Delete in reverse order to avoid index shifting.
+	for i = nsigs, 1, -1 do
+		odkim.del_header(ctx, "DKIM-Signature", i)
+	end
 else
 	odkim.set_reply(ctx, "554", "5.7.1", error_msg)
 	odkim.set_result(ctx, SMFIS_REJECT)

doc/source/overview.rst

@@ -272,8 +272,8 @@ by OpenDKIM screen policy script before validating the signatures. This
 corresponds to strict :rfc:`DMARC <7489>` alignment (``adkim=s``).
 If there is no valid DKIM signature on the incoming email, the
 sender receives a “5.7.1 No valid DKIM signature found” error.
-After validating the DKIM signature,
-the `final.lua` script strips all ``OpenDKIM:`` headers to reduce message size on disc.
+After validating the DKIM signature, 
+the `final.lua` script strips all ``OpenDKIM:`` headers to reduce message size on disc. 
 
 Note that chatmail relays