
Re: OpenARC header info


Gmail does not add ARC header fields to outbound messages that originate
from Gmail.

OpenARC will only add its own ARC Set to a message in Sealing mode (either
with no mode flag set, or with "s" in the mode flag).

In validation mode, there should be at a minimum an arc
Authentication-Results stamp, that should look like
"Authentication-Results: [authservid]; arc=none"

Do you see that show up if you're explicitly in mode "v"?

Seth

On Fri, Aug 10, 2018 at 3:42 PM, Rolf E. Sonneveld <
R.E.Sonneveld@xxxxxxxxxxxxx> wrote:

> All,
>
>
> On 11-08-18 00:04, Rolf E. Sonneveld wrote:
>
>> Hi,
>>
>> using the following configuration:
>>
>> AuthservID        mx3.mailtransaction.com
>> Domain            mx3.mailtransaction.com
>> KeepTemporaryFiles    no
>> KeyFile            /etc/openarc/201808.private
>> MilterDebug        0
>> Mode            v
>> Selector        201808
>> SignatureAlgorithm    rsa-sha256
>> Socket            inet:3336@localhost
>> SoftwareHeader    yes
>> Syslog            Yes
>> SyslogFacility    mail
>> TemporaryDirectory    /tmp
>> UserID        openarc:openarc
>>
>> For an incoming test message I see the following in the logfile:
>>
>> Aug 10 23:49:52 lithium postfix-inet0/smtpd[7359]: connect from
>> mail-yw1-f54.google.com[209.85.161.54]
>> Aug 10 23:49:53 lithium postfix-inet0/smtpd[7359]: Anonymous TLS
>> connection established from mail-yw1-f54.google.com[209.85.161.54]:
>> TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>> Aug 10 23:49:53 lithium postfix-inet0/smtpd[7359]: 41nJgj7403z2nGHV:
>> client=mail-yw1-f54.google.com[209.85.161.54]
>> Aug 10 23:49:54 lithium postfix-inet0/cleanup[7362]: 41nJgj7403z2nGHV:
>> message-id=<CAJV=Fezkvghnk3Q4hK_BfkEB9f_CG46=A4Ju5PzRtmg+
>> 1RxzmA@xxxxxxxxxxxxxx>
>> Aug 10 23:49:54 lithium opendkim[1335]: 41nJgj7403z2nGHV:
>> mail-yw1-f54.google.com [209.85.161.54] not internal
>> Aug 10 23:49:54 lithium opendkim[1335]: 41nJgj7403z2nGHV: not
>> authenticated
>> Aug 10 23:49:54 lithium opendkim[1335]: 41nJgj7403z2nGHV: DKIM
>> verification successful
>> Aug 10 23:49:54 lithium opendkim[1335]: 41nJgj7403z2nGHV: s=20161025 d=
>> gmail.com SSL
>> Aug 10 23:49:54 lithium opendmarc[19642]: implicit authentication
>> service: mx3.mailtransaction.com
>> Aug 10 23:49:54 lithium opendmarc[19642]: 41nJgj7403z2nGHV: gmail.com
>> pass
>> Aug 10 23:49:54 lithium postfix-inet0/qmgr[7215]: 41nJgj7403z2nGHV: from=<
>> rolf.sonneveld@xxxxxxxxx>, size=2821, nrcpt=1 (queue active)
>> Aug 10 23:49:54 lithium postfix-inet0/smtpd[7359]: disconnect from
>> mail-yw1-f54.google.com[209.85.161.54] ehlo=2 starttls=1 mail=1 rcpt=1
>> data=1 quit=1 commands=7
>> Aug 10 23:49:54 lithium postfix-inet0/smtp[7363]: 41nJgj7403z2nGHV: to=<
>> r.e.sonneveld@xxxxxxxxxxxxx>, relay=mx25.mailtransaction.com[78.46.16.213]:1025,
>> delay=0.95, delays=0.76/0.01/0.09/0.09, dsn=2.0.0, status=sent (250 2.0.0
>> Ok: queued as 41nJgk3f5wz1tp58)
>> Aug 10 23:49:54 lithium postfix-inet0/qmgr[7215]: 41nJgj7403z2nGHV:
>> removed
>>
>> In the header of the mail I see:
>>
>> ARC-Filter: OpenARC Filter v0.1.0 mx3.mailtransaction.com
>> 41nJgj7403z2nGHV
>> DMARC-Filter: OpenDMARC Filter v1.3.1 mx3.mailtransaction.com
>> 41nJgj7403z2nGHV
>> Authentication-Results: mx3.mailtransaction.com; dmarc=pass header.from=
>> gmail.com
>> Authentication-Results: mx3.mailtransaction.com; spf=pass smtp.mailfrom=
>> rolf.sonneveld@xxxxxxxxx
>> DKIM-Filter: OpenDKIM Filter v2.10.3 mx3.mailtransaction.com
>> 41nJgj7403z2nGHV
>> Authentication-Results: mx3.mailtransaction.com;
>>     dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@
>> gmail.com header.b=bYFxlJYd;
>>     dkim-atps=neutral
>>
>> What is OpenArc supposed to write in the header? I would expect it to
>> tell me about ARC validation, but I only see that OpenARC seems to have
>> 'touched' the header, but no more information. Am I missing something?
>>
>
> It seems I do get an ARC-Authentication-Results header when I change 'Mode
> v' to 'Mode sv':
>
> ARC-Seal: i=1; a=rsa-sha256; d=mx3.mailtransaction.com; s=201808;
>         t=1533940491; cv=none; b=YsGxeo1Cv7b5K/N5cBjru1XWsFpf
> Kv1yrCe2HKGasJuZmPX3XCDiJsESatNNZIY7JEWlNM2D1xxjpbDLriO4n6+a
> bCInGiTAH8wmAMcV5gDI47MGgjXqzB3pDbbw0Tw2cGj+9wznv8sJv/eM9Clu
> fWQWXdyhn/k1iZBIBMybc5k=
> ARC-Message-Signature: i=1; a=rsa-sha256; d=mx3.mailtransaction.com;
>         s=201808; t=1533940491; c=relaxed/simple;
>         bh=fQxlxZs3rWcL2hEfpWCzJuSGth+BSBhbrLiAv4fwElE=;
>         h=DMARC-Filter:DKIM-Filter:Received:DKIM-Signature:
>          X-Google-DKIM-Signature:X-Gm-Message-State:X-Google-Smtp-Source:
>          X-Received:MIME-Version:Received:From:Date:Message-ID:Subject:To:
>          Content-Type; b=fOsLt8V9/23B3on2v2U5xVaV1wx81YVybqH5mHuOi6X/
> YLb6sdJTwA5MO11/oTQhrKFz+z+tkhbDEwzOtUaAzC4s1DOWg5FOulUBmT3G
> /mj/wuatt0Nhx9/aPVc/d61aJvZA20KXCay1q1EaZZrID5hfVcV1xApEDOSGFG+VOhg=
> ARC-Authentication-Results: i=1; mx3.mailtransaction.com; dmarc=pass
> header.from=gmail.comspf=pass smtp.mailfrom=rolf.sonneveld@gmail.comdkim=pass
> (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com
> header.b=eHXtQZiP; dkim-atps=neutral
>
> However, as I have separate inbound and outbound MTAs I would expect the
> 'ARC-Authentication-Results' header line for inbound traffic for the 'Mode
> v' situation as well. Also, the ARC-Authentication-Results header is
> writing 'i=1', which means any ARC-Seals from gmail.com are not detected?
> Or does Gmail not yet ARC-sign outbound traffic?
>
> Thanks,
> /rolf
>
>


-- 

Seth Blank | Director of Industry Initiatives

E: seth@xxxxxxxxxxxx | P: 415.273.8818
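
An added example (not part of the original thread and not OpenARC code) of the header check discussed above: it reports which ARC instances a message carries, the cv tag of the newest ARC-Seal, and any arc= result stamped under the local AuthservID. The function name arc_report and the three sample messages are constructed for illustration; signature values are placeholders.

```python
import re
from email import message_from_string

ARC_FIELDS = ("ARC-Seal", "ARC-Message-Signature", "ARC-Authentication-Results")
AUTHSERV = "mx3.mailtransaction.com"  # AuthservID from the posted configuration
# Constructed samples modelled on the thread; signature data replaced by PLACEHOLDER.
OBSERVED_V = f"Authentication-Results: {AUTHSERV}; dmarc=pass header.from=gmail.com\n\nbody\n"
EXPECTED_V = f"Authentication-Results: {AUTHSERV}; arc=none\n" + OBSERVED_V
SEALED_SV = (
    f"ARC-Seal: i=1; a=rsa-sha256; d={AUTHSERV}; s=201808;\n"
    "        t=1533940491; cv=none; b=PLACEHOLDER\n"
    f"ARC-Message-Signature: i=1; d={AUTHSERV}; bh=PLACEHOLDER; h=From:To; b=PLACEHOLDER\n"
    f"ARC-Authentication-Results: i=1; {AUTHSERV}; dmarc=pass header.from=gmail.com\n"
    + OBSERVED_V
)

def _parts(value):
    """Unfold a header value and split it on ';'."""
    return [p.strip() for p in re.sub(r"\r?\n[ \t]+", " ", value).split(";")]

def arc_report(raw, authserv_id=AUTHSERV):
    msg = message_from_string(raw)
    sets, cv = {}, {}  # instance -> ARC field names seen / cv tag of that instance's seal
    for field in ARC_FIELDS:
        for value in msg.get_all(field, []):
            tags = {k.strip(): v.strip() for k, v in (p.split("=", 1) for p in _parts(value) if "=" in p)}
            if not tags.get("i", "").isdigit():
                continue  # no usable instance number, ignore this field
            inst = int(tags["i"])
            sets.setdefault(inst, set()).add(field)
            if field == "ARC-Seal":
                cv[inst] = tags.get("cv")
    arc_result = None
    for value in msg.get_all("Authentication-Results", []):
        head, *results = _parts(value)
        if head.split()[:1] != [authserv_id]:
            continue  # stamped under a different authserv-id
        for res in results:
            found = re.match(r"arc=(\w+)", res)
            if found:
                arc_result = found.group(1)
    top = max(sets, default=0)
    return {
        "instances": sorted(sets),
        "chain_complete": top > 0 and all(sets.get(i) == set(ARC_FIELDS) for i in range(1, top + 1)),
        "newest_cv": cv.get(top),
        "arc_result": arc_result,
    }
```

An empty "instances" list together with "arc_result" of None corresponds to the mode "v" headers quoted in the thread; instance 1 with cv=none is the first ARC set in a chain.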
