Re: [exim] ARC signing and verification

Wed, 22 Apr 2020 12:13:01 -0700 


On Tue, 21 Apr 2020, Tom Crane via Exim-users wrote:


On Mon, 20 Apr 2020, Jeremy Harris via Exim-users wrote:


On 20/04/2020 14:33, Tom Crane via Exim-users wrote:

    I am attempting to configure my server (exim-4.92.3) to ARC
(Authenticated Received Chain) sign and possibly also verify messages.


There's been several ARC-related fixes since then; I suggest you
consider moving closer to the bleeding-edge.
I will do so. exim-4.93.tar.bz2 looks like the latest stable release to build.
I spent many hours unsuccessfully trying to build exim-4.93 on SLC6 (RHEL6 derivative). It appears to need a large number of patches, as there are in the EPEL distro's rpmbuild script for exim-4.92.3.
I gave up and enabled ARC using the system's current exim-4.92.3 rpmbuild system. The initial/testing (exim.conf) configuration I have now is, 

acl_check_data:
warn verify = arc
warn logwrite = arc_state: <$ arc_state> condition = $ {if def: arc_state_reason} 
logwrite = reason: <$ arc_state_reason>
accept add_header =: at_start: $ {authresults {$primary_hostname}}
...

remote_smtp:
  driver = smtp

dkim_domain = $sender_address_domain
dkim_selector = selector3
dkim_private_key = /etc/exim/dkim/selector3.pem
dkim_canon = relaxed
arc_sign = $primary_hostname : selector3 : /etc/exim/dkim/selector3.pem
...
Now I get "ARC: no Authentication-Results header for signing" logs for each email processed in /var/log/exim/main.log and no emails get any ARC-* header fields added or an added "Authentication-Results:" field. 

From the experimental-spec.txt file,
        Caveats:
         * There must be an Authentication-Results header, presumably added by 
an ACL
           while receiving the message, for the same ADMD, for arc_sign to 
succeed.
           This requires careful coordination between inbound and outbound 
logic.
Is this the reason I get no ARC-* header added? If so why is the above add_header statement not doing so? 

Thanks
Tom Crane
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to