OK, real example:
our assp machine name is assp.OurCharity.org
most users have <whatever>@OurCharity.org email addresses and DKIM signing
works for @OurCharity.org mails.
I do NOT have dkim setup for assp.ourcharity.org, I certainly could, but no
users send with that address.
I assumed that putting OurCharity.org into ARCSigningHost would have ASSP
ARC sign all inbound mail using the DKIM signature key info for
OurCharity.org found in the dkim config file, but that isn't happening.
Doesn't this qualify as a fully qualified host name too? Are you saying I
must have a someting.OurCharity.org for this vs just the root domain even
though just OurCharity.org is otherwise valid and able to sign?
On outgoing, I do see our ARC signatures. Very cool. And when I sent a
test to gmail, it puts its own signature as i=2. That's great. It'll be
interesting to see what comes next in terms of a arc equivalent of
senderbase, where trusted forwarders is a list that someone else can
maintain!
Very minor: I know it's legal to have spaces in DKIM / ARC, but in gmail at
least, it seems like our signature lines are really long and have spaces
after some of the entries like h= d= etc. Also of note, gmail's arc
signatures are nicely formatted, multiple lines indented, broken every 80
chars or so. ASSP's are very long lines, not indented. If my test gmail
account forwards a message back to me, the original signatures do show up
"pretty" formatted and indented in ASSP, but still with the breaks after t=
in the seal and d= in the signature. I wonder if this is something with
line breaks windows vs unix or something. I know that none of this
matters, but thought you'd want to know what I noticed in terms of
aesthetics.
On Wed, Apr 18, 2018 at 4:46 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> >ARCsigningHost set to the primary domain we use
>
> There is a big difference between an domain name and a hostname (full
> qualified host name)!
>
> The parameter is ARCsigning*Host* NOT ARCsigningDomain
>
> ...
> The signing domain is parsed from the senders address (header From: or
> Sender:) in outgoing mails - and this value (or myName) in incoming mails.
>
> >I'm not sure why the "the signing domain is parsed from the sender's
> address...." part is here.
>
> ASSP may be used for more than one local domain.
>
> >This configuration is just for incoming mail,
>
> ...
> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
> to *all* messages,
>
>
> Thomas
>
>
>
>
>
>
> Von: "K Post" <nntp.p...@gmail.com>
> An: "ASSP development mailing list" <assp-test@lists.sourceforge.
> net>
> Datum: 17.04.2018 23:45
> Betreff: [Assp-test] genArc testing
> ------------------------------
>
>
>
> Absolutely not not critical, but my tests for genARC in 18107 doesn't seem
> to do anything.
>
> genARC checked
> ARCsigningHost set to the primary domain we use
> No changes to DKIMgenConfig made since DKIM signing for our outgoing
> messages from our main domain works fine.
>
> I'd expect to see ARC signatures on all of the incoming mail, but I see
> nothing in the headers. Any debugging flags I can set to see why not?
>
> Is genARC only active when mail is actually "relayed" as the GUI suggests,
> as in only mail that comes through the relay port? if that's the case, the
> rest of this email is moot. If not, maybe change the language to say
> "incoming mail' vs relayed?
>
> The tests I did is from external hosts which dkim sign their mail, but if
> I understand correctly ARC should be added by ASSP even if there's no
> incoming DKIM sig. All perl modules show up to date (except
> for Archive::Libarchive::XS(libarchive-version) which you said was
> okay). ARC is essentially just saying what our DKIM/SPF results were. If
> the mail is ultimately forwarded elsewhere, it's up to the other server to
> decide if it wants to honor what we're saying. (right?)
>
> Also, a suggestion, the description of genARC is currently:
> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
> to all messages, if it finds a valid DKIM configuration in DKIMgenConfig
> for the sending domain. This will also be done for noprocessing mails. If
> available, the check results for SPF, DKIM and DMARC will be provided in
> the generated ARC-signature. This requires an installed Mail::DKIM module
> in PERL.
>
> I think this should be
> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
> to all messages provided it finds a valid DKIM configuration in
> DKIMgenConfig for ARCSigningHost (or myName if ARCsSigningHost is blank).
> This will also be done for noprocessing mails. If available, the check
> results for SPF, DKIM and DMARC will be provided in the generated
> ARC-signature. This requires an installed Mail::DKIM module in PERL.
>
>
> ARCSigningHost is described as:
> The full qualified host name to be used for Authenticated Received Chain
> (ARC) signing. If not defined, myName is used. The signing domain is parsed
> from the senders address (header From: or Sender:) in outgoing mails - and
> this value (or myName) in incoming mails.
>
> I'm not sure why the "the signing domain is parsed from the sender's
> address...." part is here. This configuration is just for incoming mail,
> I'd leave out stuff about outgoing mail signing (sounds like DKIM to me not
> ARC)
>
> It'll be interesting to see how quickly ARC is implemented elsewhere.
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
