and more important than pretty formatting is that incoming signing doesn't
seem to be doing anything for me.
On Thu, Apr 19, 2018 at 5:11 PM, K Post <nntp.p...@gmail.com> wrote:
> already running 0.52. Is there a newer one somewhere that I don't know
> about?
>
> On Wed, Apr 18, 2018 at 6:14 PM, Thomas Eckardt <
> thomas.ecka...@thockar.com> wrote:
>
>> update Mail::DKIM to the latest version and the signatures will be
>> formated right.
>>
>> Thomas
>>
>>
>>
>>
>>
>> Von: "K Post" <nntp.p...@gmail.com>
>> An: "ASSP development mailing list" <assp-test@lists.sourceforge.n
>> et>
>> Datum: 18.04.2018 17:52
>> Betreff: Re: [Assp-test] genArc testing
>> ------------------------------
>>
>>
>>
>> OK, real example:
>> our assp machine name is *assp.OurCharity.org*
>> <http://assp.ourcharity.org/>
>> most users have <whatever>@OurCharity.org email addresses and DKIM
>> signing works for @OurCharity.org mails.
>> I do NOT have dkim setup for *assp.ourcharity.org*
>> <http://assp.ourcharity.org/>, I certainly could, but no users send with
>> that address.
>>
>> I assumed that putting OurCharity.org into ARCSigningHost would have ASSP
>> ARC sign all inbound mail using the DKIM signature key info for
>> OurCharity.org found in the dkim config file, but that isn't happening.
>> Doesn't this qualify as a fully qualified host name too? Are you saying I
>> must have a *someting.OurCharity.org* <http://someting.ourcharity.org/>
>> for this vs just the root domain even though just OurCharity.org is
>> otherwise valid and able to sign?
>>
>> On outgoing, I do see our ARC signatures. Very cool. And when I sent a
>> test to gmail, it puts its own signature as i=2. That's great. It'll be
>> interesting to see what comes next in terms of a arc equivalent of
>> senderbase, where trusted forwarders is a list that someone else can
>> maintain!
>>
>> Very minor: I know it's legal to have spaces in DKIM / ARC, but in gmail
>> at least, it seems like our signature lines are really long and have spaces
>> after some of the entries like h= d= etc. Also of note, gmail's arc
>> signatures are nicely formatted, multiple lines indented, broken every 80
>> chars or so. ASSP's are very long lines, not indented. If my test gmail
>> account forwards a message back to me, the original signatures do show up
>> "pretty" formatted and indented in ASSP, but still with the breaks after t=
>> in the seal and d= in the signature. I wonder if this is something with
>> line breaks windows vs unix or something. I know that none of this
>> matters, but thought you'd want to know what I noticed in terms of
>> aesthetics.
>>
>>
>>
>>
>>
>>
>> On Wed, Apr 18, 2018 at 4:46 AM, Thomas Eckardt <
>> *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote:
>> >ARCsigningHost set to the primary domain we use
>>
>> There is a big difference between an domain name and a hostname (full
>> qualified host name)!
>>
>> The parameter is ARCsigning*Host* NOT ARCsigningDomain
>>
>> ...
>> The signing domain is parsed from the senders address (header From: or
>> Sender:) in outgoing mails - and this value (or myName) in incoming mails.
>>
>> >I'm not sure why the "the signing domain is parsed from the sender's
>> address...." part is here.
>>
>> ASSP may be used for more than one local domain.
>>
>> >This configuration is just for incoming mail,
>>
>> ...
>> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
>> to *all* messages,
>>
>>
>> Thomas
>>
>>
>>
>>
>>
>>
>> Von: "K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>>
>> An: "ASSP development mailing list" <
>> *assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net>>
>> Datum: 17.04.2018 23:45
>> Betreff: [Assp-test] genArc testing
>> ------------------------------
>>
>>
>>
>>
>> Absolutely not not critical, but my tests for genARC in 18107 doesn't
>> seem to do anything.
>>
>> genARC checked
>> ARCsigningHost set to the primary domain we use
>> No changes to DKIMgenConfig made since DKIM signing for our outgoing
>> messages from our main domain works fine.
>>
>> I'd expect to see ARC signatures on all of the incoming mail, but I see
>> nothing in the headers. Any debugging flags I can set to see why not?
>>
>> Is genARC only active when mail is actually "relayed" as the GUI
>> suggests, as in only mail that comes through the relay port? if that's the
>> case, the rest of this email is moot. If not, maybe change the language to
>> say "incoming mail' vs relayed?
>>
>> The tests I did is from external hosts which dkim sign their mail, but if
>> I understand correctly ARC should be added by ASSP even if there's no
>> incoming DKIM sig. All perl modules show up to date (except
>> for Archive::Libarchive::XS(libarchive-version) which you said was
>> okay). ARC is essentially just saying what our DKIM/SPF results were. If
>> the mail is ultimately forwarded elsewhere, it's up to the other server to
>> decide if it wants to honor what we're saying. (right?)
>>
>> Also, a suggestion, the description of genARC is currently:
>> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
>> to all messages, if it finds a valid DKIM configuration in DKIMgenConfig
>> for the sending domain. This will also be done for noprocessing mails. If
>> available, the check results for SPF, DKIM and DMARC will be provided in
>> the generated ARC-signature. This requires an installed Mail::DKIM module
>> in PERL.
>>
>> I think this should be
>> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
>> to all messages provided it finds a valid DKIM configuration in
>> DKIMgenConfig for ARCSigningHost (or myName if ARCsSigningHost is blank).
>> This will also be done for noprocessing mails. If available, the check
>> results for SPF, DKIM and DMARC will be provided in the generated
>> ARC-signature. This requires an installed Mail::DKIM module in PERL.
>>
>>
>> ARCSigningHost is described as:
>> The full qualified host name to be used for Authenticated Received Chain
>> (ARC) signing. If not defined, myName is used. The signing domain is parsed
>> from the senders address (header From: or Sender:) in outgoing mails - and
>> this value (or myName) in incoming mails.
>>
>> I'm not sure why the "the signing domain is parsed from the sender's
>> address...." part is here. This configuration is just for incoming mail,
>> I'd leave out stuff about outgoing mail signing (sounds like DKIM to me not
>> ARC)
>>
>> It'll be interesting to see how quickly ARC is implemented elsewhere.
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
>> <http://sdm.link/slashdot>
>> _______________________________________________
>> Assp-test mailing list
>> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
>> *https://lists.sourceforge.net/lists/listinfo/assp-test*
>> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>>
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential, legally
>> privileged and protected in law and are intended solely for the use of the
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> *******************************************************
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
>> <http://sdm.link/slashdot>
>> _______________________________________________
>> Assp-test mailing list
>> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
>> *https://lists.sourceforge.net/lists/listinfo/assp-test*
>> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential, legally
>> privileged and protected in law and are intended solely for the use of the
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> *******************************************************
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
