>what hostname will be used for the singnature?
currently 'myName' is used
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Datum: 11.04.2018 18:50
Betreff: Re: [Assp-test] fixes in assp 2.6.2 *Fortress* build 18100
Wow, you didn't waste any time on getting my ARC suggestion in there!!!
thank you
Question: I read the IETF draft carefully and >think< that I understand
that ARC signing is verified just like DKIM is, looking at the public key
via DNS. It really is a clever idea and should be really helpful here as
more providers adopt the technology. If we opt to do our own ARC signing
(which I doubt know we're ready to do anyway until the rest of the servers
here support it), what hostname will be used for the singnature? Will it
be signed with the ASSP machine hostname? If so, we'd need to but the
private key for assp.OurCharity.org (which doesn't exist yet) to the DKIM
confi file right?
Thanks again Thomas. This is great.
On Tue, Apr 10, 2018 at 9:31 AM, Thomas Eckardt <
thomas.ecka...@thockar.com> wrote:
Hi all,
fixed in assp 2.6.2 *Fortress* build 18100:
- the analyzer now prevents duplicate feature matching lines
- because the DKIM check was skipped, if assp has changed or removed
headerlines, DKIMWLAddresses and DKIMNPAddresses was not working in every
case
- myNameAlso was synchronized, this is no longer the case
- on some OS the 'autoflush' was not working for rebuild output files
changed:
- a regular expression containing the values of myName and myNameAlso is
added to 'trustedAuthForwarders' every time (if myName is not set to
ASSP.nospam)
- the recommended version of Mail::DKIM::Verifier (Mail::DKIM) is changed
to 0.50
Thomas
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
OFF - the changelog.txt
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
This release contains major code changes for new features. All of them are
disabled per default. You are free to test them. But more important for me
is to know, if the code is working well without using the new features.
1.
It is possible to create an UTF8 text file 'files/disclaimer.txt'.
If your Server/Clients adds always the same disclaimer to all emails, it
may possible, that HMM and Bayesian are providing wrong results, because
this disclaimer
is found in many corpus files (spam amd notspam). Such disclaimers should
be written in to this file. ASSP will build a regular expression for the
disclaimers and will remove them from the email content,
before the rebuild task analyzes the emails. The disclaimers should be
written in to this file, the same way they are shown in the mail client.
Lines starting with a '#' are comments and are ignored. Combine multiple
disclaimers with a line, that contains only one dot (like
EMAIL-END-Sequence).
example 1:
This is a multiline
disclaimer.
example 2:
# our first disclaimer
This is our first disclaimer.
It contains several lines.
.
#This is our second disclaimer
This disclaimer is used by the
IT stuff
2.
our $DoARC = 0; # (0/1/2/3) do ARC - Authenticated Received Chain
0=disabled, 1=verify, 2=sign, 3=verify and sign !!!! EXPERIMENTAL !!!!
(to be configured in 'lib/CorrectASSPcfg.pm')
Authenticated Received Chain is still experimental, but used in production
mode by gmail, AOL and some others. The draft is available at
https://www.ietf.org/id/draft-ietf-dmarc-arc-protocol-13.txt - there is
still no RFC stated.
If verify is enabled (1/3) - and such a valid Authenticated Received Chain
Signature stucture is provided by a host/domain (d=... TAG) matching
'trustedAuthForwarders', assp will trust the provided results for DKIM,
SPF and DMARC.
If ARC-signing is anabled (2/3), an Authenticated Received Chain Signature
is added to every incoming and outgoing email by assp - providing the
results for DKIM, SPF and DMARC (if available) to the next mail hops.
The goal:
Mail forwarders (like assp) may change DKIM protected mail headers and/or
the body. If so, every received DKIM-signature will become invalid.
It may also possible, that a mail is forwarded by a mailing list provider
or another forwarder - which may cause SPF to fail.
If DKIM or SPF fails, DMARC may also fail.
ARC-signing gives the forwarder the chance, to provide its own calculated
results for DKIM, SPF and DMARC to the next mail hops in a secure way.
Faking such a signature is NOT possible, it is the same way protected by a
RSA key pair, like DKIM signatures.
If any of the next mail hops is able to process provided ARC-signatures,
it will be able to check, if the origin of the email is valid or not (e.g.
was valid, when the mail was received by the forwarder)..
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
