Maybe I'm once again confused. If I've got genARC on shouldn't all inbound
DKIM signed mail get the ASSP generated ARC signature which would be
(potentially) useful if the mail is forwarded by the MTA?
I'm not talking about passing mail that is ARC signed by a trusted inbound
sender, I'm talking about ARC signing incoming mails ourselves. Of course
all of this is really just academic at this point - until recipients start
using ARC and trusting our ARC signing. My point is that no ARC signature
seems to be added to inbound mails here, I thought that's what you wanted
us to test.
On Fri, Apr 20, 2018 at 2:24 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> >incoming signing doesn't seem to be doing anything for me
>
> We may also talking about the weather.
>
> settings? trusted host match? results to be adopted? results are adopted?
>
> Thomas
>
>
>
>
> Von: "K Post" <nntp.p...@gmail.com>
> An: "ASSP development mailing list" <assp-test@lists.sourceforge.
> net>
> Datum: 19.04.2018 23:13
> Betreff: Re: [Assp-test] genArc testing
> ------------------------------
>
>
>
> and more important than pretty formatting is that incoming signing doesn't
> seem to be doing anything for me.
>
> On Thu, Apr 19, 2018 at 5:11 PM, K Post <*nntp.p...@gmail.com*
> <nntp.p...@gmail.com>> wrote:
> already running 0.52. Is there a newer one somewhere that I don't know
> about?
>
> On Wed, Apr 18, 2018 at 6:14 PM, Thomas Eckardt <
> *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote:
> update Mail::DKIM to the latest version and the signatures will be
> formated right.
>
> Thomas
>
>
>
>
>
> Von: "K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>>
> An: "ASSP development mailing list" <
> *assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net>>
> Datum: 18.04.2018 17:52
> Betreff: Re: [Assp-test] genArc testing
> ------------------------------
>
>
>
>
> OK, real example:
> our assp machine name is *assp.OurCharity.org*
> <http://assp.ourcharity.org/>
> most users have <whatever>@OurCharity.org email addresses and DKIM signing
> works for @OurCharity.org mails.
> I do NOT have dkim setup for *assp.ourcharity.org*
> <http://assp.ourcharity.org/>, I certainly could, but no users send with
> that address.
>
> I assumed that putting OurCharity.org into ARCSigningHost would have ASSP
> ARC sign all inbound mail using the DKIM signature key info for
> OurCharity.org found in the dkim config file, but that isn't happening.
> Doesn't this qualify as a fully qualified host name too? Are you saying I
> must have a *someting.OurCharity.org* <http://someting.ourcharity.org/>
> for this vs just the root domain even though just OurCharity.org is
> otherwise valid and able to sign?
>
> On outgoing, I do see our ARC signatures. Very cool. And when I sent a
> test to gmail, it puts its own signature as i=2. That's great. It'll be
> interesting to see what comes next in terms of a arc equivalent of
> senderbase, where trusted forwarders is a list that someone else can
> maintain!
>
> Very minor: I know it's legal to have spaces in DKIM / ARC, but in gmail
> at least, it seems like our signature lines are really long and have spaces
> after some of the entries like h= d= etc. Also of note, gmail's arc
> signatures are nicely formatted, multiple lines indented, broken every 80
> chars or so. ASSP's are very long lines, not indented. If my test gmail
> account forwards a message back to me, the original signatures do show up
> "pretty" formatted and indented in ASSP, but still with the breaks after t=
> in the seal and d= in the signature. I wonder if this is something with
> line breaks windows vs unix or something. I know that none of this
> matters, but thought you'd want to know what I noticed in terms of
> aesthetics.
>
>
>
>
>
>
> On Wed, Apr 18, 2018 at 4:46 AM, Thomas Eckardt <
> *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote:
> >ARCsigningHost set to the primary domain we use
>
> There is a big difference between an domain name and a hostname (full
> qualified host name)!
>
> The parameter is ARCsigning*Host* NOT ARCsigningDomain
>
> ...
> The signing domain is parsed from the senders address (header From: or
> Sender:) in outgoing mails - and this value (or myName) in incoming mails.
>
> >I'm not sure why the "the signing domain is parsed from the sender's
> address...." part is here.
>
> ASSP may be used for more than one local domain.
>
> >This configuration is just for incoming mail,
>
> ...
> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
> to *all* messages,
>
>
> Thomas
>
>
>
>
>
>
> Von: "K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>>
> An: "ASSP development mailing list" <
> *assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net>>
> Datum: 17.04.2018 23:45
> Betreff: [Assp-test] genArc testing
> ------------------------------
>
>
>
>
> Absolutely not not critical, but my tests for genARC in 18107 doesn't seem
> to do anything.
>
> genARC checked
> ARCsigningHost set to the primary domain we use
> No changes to DKIMgenConfig made since DKIM signing for our outgoing
> messages from our main domain works fine.
>
> I'd expect to see ARC signatures on all of the incoming mail, but I see
> nothing in the headers. Any debugging flags I can set to see why not?
>
> Is genARC only active when mail is actually "relayed" as the GUI suggests,
> as in only mail that comes through the relay port? if that's the case, the
> rest of this email is moot. If not, maybe change the language to say
> "incoming mail' vs relayed?
>
> The tests I did is from external hosts which dkim sign their mail, but if
> I understand correctly ARC should be added by ASSP even if there's no
> incoming DKIM sig. All perl modules show up to date (except
> for Archive::Libarchive::XS(libarchive-version) which you said was
> okay). ARC is essentially just saying what our DKIM/SPF results were. If
> the mail is ultimately forwarded elsewhere, it's up to the other server to
> decide if it wants to honor what we're saying. (right?)
>
> Also, a suggestion, the description of genARC is currently:
> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
> to all messages, if it finds a valid DKIM configuration in DKIMgenConfig
> for the sending domain. This will also be done for noprocessing mails. If
> available, the check results for SPF, DKIM and DMARC will be provided in
> the generated ARC-signature. This requires an installed Mail::DKIM module
> in PERL.
>
> I think this should be
> If selected, ASSP will add Authenticated Received Chain (ARC) signatures
> to all messages provided it finds a valid DKIM configuration in
> DKIMgenConfig for ARCSigningHost (or myName if ARCsSigningHost is blank).
> This will also be done for noprocessing mails. If available, the check
> results for SPF, DKIM and DMARC will be provided in the generated
> ARC-signature. This requires an installed Mail::DKIM module in PERL.
>
>
> ARCSigningHost is described as:
> The full qualified host name to be used for Authenticated Received Chain
> (ARC) signing. If not defined, myName is used. The signing domain is parsed
> from the senders address (header From: or Sender:) in outgoing mails - and
> this value (or myName) in incoming mails.
>
> I'm not sure why the "the signing domain is parsed from the sender's
> address...." part is here. This configuration is just for incoming mail,
> I'd leave out stuff about outgoing mail signing (sounds like DKIM to me not
> ARC)
>
> It'll be interesting to see how quickly ARC is implemented elsewhere.
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
