[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenARC header info
[Thread Prev] | [Thread Next]
- Subject: Re: OpenARC header info
- From: Seth Blank <seth@xxxxxxxxxxxx>
- Date: Fri, 10 Aug 2018 15:47:37 -0700
Gmail does not add ARC header fields to outbound messages that originate from gmail. OpenARC will only add its own ARC Set to a message in Sealing mode (either with no mode flag set, or with "s" in the mode flag). In validation mode, there should be at a minimum an arc Authentication-Results stamp, that should look like "Authentication-Results: [authservid]; arc=none" Do you see that show up if you're explicitly in mode "v" ? Seth On Fri, Aug 10, 2018 at 3:42 PM, Rolf E. Sonneveld < R.E.Sonneveld@xxxxxxxxxxxxx> wrote: > All, > > > On 11-08-18 00:04, Rolf E. Sonneveld wrote: > >> Hi, >> >> using the following configuration: >> >> AuthservID mx3.mailtransaction.com >> Domain mx3.mailtransaction.com >> KeepTemporaryFiles no >> KeyFile /etc/openarc/201808.private >> MilterDebug 0 >> Mode v >> Selector 201808 >> SignatureAlgorithm rsa-sha256 >> Socket inet:3336@localhost >> SoftwareHeader yes >> Syslog Yes >> SyslogFacility mail >> TemporaryDirectory /tmp >> UserID openarc:openarc >> >> For an incoming test message I see the following in the logfile: >> >> Aug 10 23:49:52 lithium postfix-inet0/smtpd[7359]: connect from >> mail-yw1-f54.google.com[209.85.161.54] >> Aug 10 23:49:53 lithium postfix-inet0/smtpd[7359]: Anonymous TLS >> connection established from mail-yw1-f54.google.com[209.85.161.54]: >> TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) >> Aug 10 23:49:53 lithium postfix-inet0/smtpd[7359]: 41nJgj7403z2nGHV: >> client=mail-yw1-f54.google.com[209.85.161.54] >> Aug 10 23:49:54 lithium postfix-inet0/cleanup[7362]: 41nJgj7403z2nGHV: >> message-id=<CAJV=Fezkvghnk3Q4hK_BfkEB9f_CG46=A4Ju5PzRtmg+ >> 1RxzmA@xxxxxxxxxxxxxx> >> Aug 10 23:49:54 lithium opendkim[1335]: 41nJgj7403z2nGHV: >> mail-yw1-f54.google.com [209.85.161.54] not internal >> Aug 10 23:49:54 lithium opendkim[1335]: 41nJgj7403z2nGHV: not >> authenticated >> Aug 10 23:49:54 lithium opendkim[1335]: 41nJgj7403z2nGHV: DKIM >> verification successful >> Aug 10 23:49:54 lithium opendkim[1335]: 41nJgj7403z2nGHV: s=20161025 d= >> gmail.com SSL >> Aug 10 23:49:54 lithium opendmarc[19642]: implicit authentication >> service: mx3.mailtransaction.com >> Aug 10 23:49:54 lithium opendmarc[19642]: 41nJgj7403z2nGHV: gmail.com >> pass >> Aug 10 23:49:54 lithium postfix-inet0/qmgr[7215]: 41nJgj7403z2nGHV: from=< >> rolf.sonneveld@xxxxxxxxx>, size=2821, nrcpt=1 (queue active) >> Aug 10 23:49:54 lithium postfix-inet0/smtpd[7359]: disconnect from >> mail-yw1-f54.google.com[209.85.161.54] ehlo=2 starttls=1 mail=1 rcpt=1 >> data=1 quit=1 commands=7 >> Aug 10 23:49:54 lithium postfix-inet0/smtp[7363]: 41nJgj7403z2nGHV: to=< >> r.e.sonneveld@xxxxxxxxxxxxx>, relay=mx25.mailtransaction.com[78.46.16.213]:1025, >> delay=0.95, delays=0.76/0.01/0.09/0.09, dsn=2.0.0, status=sent (250 2.0.0 >> Ok: queued as 41nJgk3f5wz1tp58) >> Aug 10 23:49:54 lithium postfix-inet0/qmgr[7215]: 41nJgj7403z2nGHV: >> removed >> >> In the header of the mail I see: >> >> ARC-Filter: OpenARC Filter v0.1.0 mx3.mailtransaction.com >> 41nJgj7403z2nGHV >> DMARC-Filter: OpenDMARC Filter v1.3.1 mx3.mailtransaction.com >> 41nJgj7403z2nGHV >> Authentication-Results: mx3.mailtransaction.com; dmarc=pass header.from= >> gmail.com >> Authentication-Results: mx3.mailtransaction.com; spf=pass smtp.mailfrom= >> rolf.sonneveld@xxxxxxxxx >> DKIM-Filter: OpenDKIM Filter v2.10.3 mx3.mailtransaction.com >> 41nJgj7403z2nGHV >> Authentication-Results: mx3.mailtransaction.com; >> dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@ >> gmail.com header.b=bYFxlJYd; >> dkim-atps=neutral >> >> What is OpenArc supposed to write in the header? I would expect it to >> tell me about ARC validation, but I only see that OpenARC seems to have >> 'touched' the header, but no more information. Am I missing something? >> > > It seems I do get an ARC-Authentication-Results header when I change 'Mode > v' to 'Mode sv': > > ARC-Seal: i=1; a=rsa-sha256; d=mx3.mailtransaction.com; s=201808; > t=1533940491; cv=none; b=YsGxeo1Cv7b5K/N5cBjru1XWsFpf > Kv1yrCe2HKGasJuZmPX3XCDiJsESatNNZIY7JEWlNM2D1xxjpbDLriO4n6+a > bCInGiTAH8wmAMcV5gDI47MGgjXqzB3pDbbw0Tw2cGj+9wznv8sJv/eM9Clu > fWQWXdyhn/k1iZBIBMybc5k= > ARC-Message-Signature: i=1; a=rsa-sha256; d=mx3.mailtransaction.com; > s=201808; t=1533940491; c=relaxed/simple; > bh=fQxlxZs3rWcL2hEfpWCzJuSGth+BSBhbrLiAv4fwElE=; > h=DMARC-Filter:DKIM-Filter:Received:DKIM-Signature: > X-Google-DKIM-Signature:X-Gm-Message-State:X-Google-Smtp-Source: > X-Received:MIME-Version:Received:From:Date:Message-ID:Subject:To: > Content-Type; b=fOsLt8V9/23B3on2v2U5xVaV1wx81YVybqH5mHuOi6X/ > YLb6sdJTwA5MO11/oTQhrKFz+z+tkhbDEwzOtUaAzC4s1DOWg5FOulUBmT3G > /mj/wuatt0Nhx9/aPVc/d61aJvZA20KXCay1q1EaZZrID5hfVcV1xApEDOSGFG+VOhg= > ARC-Authentication-Results: i=1; mx3.mailtransaction.com; dmarc=pass > header.from=gmail.comspf=pass smtp.mailfrom=rolf.sonneveld@gmail.comdkim=pass > (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com > header.b=eHXtQZiP; dkim-atps=neutral > > However, as I have separate inbound and outbound MTA's I would expect the > 'ARC-Authentication-Results' header line for inbound traffic for the 'Mode > v' situation as well. Also, the ARC-Authentication-Results header is > writing 'i=1', which means any ARC-Seals from gmail.com are not detected? > Or does Gmail not yet ARC-sign outbound traffic? > > Thanks, > /rolf > > -- Seth Blank | Director of Industry Initiatives E: seth@xxxxxxxxxxxx | P: 415.273.8818
Re: OpenARC header info | "Rolf E. Sonneveld" <R.E.Sonneveld@xxxxxxxxxxxxx> |
OpenARC header info | "Rolf E. Sonneveld" <R.E.Sonneveld@xxxxxxxxxxxxx> |
Re: OpenARC header info | "Rolf E. Sonneveld" <R.E.Sonneveld@xxxxxxxxxxxxx> |