On Mon, 20 Apr 2020, Jeremy Harris via Exim-users wrote:
On 20/04/2020 14:33, Tom Crane via Exim-users wrote:
I am attempting to configure my server (exim-4.92.3) to ARC
(Authenticated Received Chain) sign and possibly also verify messages.
There have been several ARC-related fixes since then; I suggest you
consider moving closer to the bleeding-edge.
I will do so. exim-4.93.tar.bz2 looks like the latest stable release to
build.
I already DKIM sign messages which verify on external receiving MTAs
when the sender address is in my local domain. The server also
maintains a set of distribution lists expanded from aliases. Some of
the senders to these distribution lists are outside my local domain
which breaks DKIM verification, which is why I want to try ARC signing.
I accept ARC is a new, experimental feature in EXIM but the
documentation in doc/experimental-spec.txt is very brief. The thing I
really need is some simple worked example configurations.
Ideally I just need to check whether an incoming message was for one of
my distribution lists and if so ARC sign it.
Currently I have tried this simple configuration,
remote_smtp:
  driver = smtp
  dkim_domain = $sender_address_domain
  dkim_selector = selector3
  dkim_private_key = /etc/exim/dkim/selector3.pem
  dkim_canon = relaxed
  EXPERIMENTAL_ARC=yes
  arc_sign = $primary_hostname : selector3 : /etc/exim/dkim/selector3.pem
The line "EXPERIMENTAL_ARC=yes" needs to go in the Local/Makefile
for the build of exim. You need to build your own, if you are not
using a distro that does.
The current "experimental-spec.txt" says:
"Enable using EXPERIMENTAL_ARC=yes in your Local/Makefile".
It does not need to go in your config. What you have there is a
macro definition (and likely never used).
Many thanks for the clarification. EXPERIMENTAL_ARC= was not documented
in the "experimental-spec.txt" file which came with my distro (SLC6) and
so I had guessed, wrongly, that it was needed in the exim.conf file.
Curiously without EXPERIMENTAL_ARC=yes in the exim.conf I received a
different error -- obviously a red herring though.
but exim fails to start with "Exim configuration error in line XXX"
"transport name missing"
where line XXX is the 'arc_sign = ' line.
What am I doing wrong?
Check the "Support for" line from "exim -bV". If it doesn't mention ARC
then you are running a build without ARC. I suspect this is the case.
Yes. That also turned out to be the case, so thanks again for clarifying
that.
In the meantime, do you know of any working / example ARC exim.conf
configurations available anywhere to study?
Many thanks
Tom
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
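
A preflight check for the two problems this thread turned up (a build option placed in the runtime configuration, and arc_sign used with a binary whose "Support for" line lacks ARC), added here as an illustration and not taken from either poster or from the Exim project. The `exim -bV` excerpts are constructed, the function names are hypothetical, and the exact spelling of the ARC token is an assumption, so the match accepts any token that is ARC or ends in _ARC.

```shell
#!/bin/sh
# Constructed `exim -bV` excerpts; the build dates and feature lists are made up.
SAMPLE_BV_NO_ARC='Exim version 4.92.3 #1 built 01-Jan-2020 00:00:00
Support for: crypteq IPv6 OpenSSL DKIM DNSSEC Event PRDR Experimental_DMARC'
SAMPLE_BV_ARC='Exim version 4.93 #1 built 01-Jan-2020 00:00:00
Support for: crypteq IPv6 OpenSSL DKIM DNSSEC Event PRDR Experimental_ARC'

# The transport as posted in the thread.
SAMPLE_CONF='remote_smtp:
driver = smtp
dkim_domain = $sender_address_domain
dkim_selector = selector3
dkim_private_key = /etc/exim/dkim/selector3.pem
dkim_canon = relaxed
EXPERIMENTAL_ARC=yes
arc_sign = $primary_hostname : selector3 : /etc/exim/dkim/selector3.pem'

# stdin: `exim -bV` output. Succeeds if the "Support for" line has a token
# that is ARC or ends in _ARC (assumed spelling); DMARC must not match.
has_arc_support() {
    grep '^Support for:' | tr ' ' '\n' | grep -Eiq '(^|_)ARC$'
}

# stdin: configuration text. Prints line numbers of EXPERIMENTAL_* assignments,
# which belong in Local/Makefile and only define a macro in the config.
misplaced_build_macros() {
    grep -nE '^[[:space:]]*EXPERIMENTAL_[A-Z0-9_]+[[:space:]]*=' | cut -d: -f1
}

# $1 = `exim -bV` output, $2 = configuration text. Returns the problem count.
preflight() {
    problems=0
    for n in $(printf '%s\n' "$2" | misplaced_build_macros); do
        echo "config line $n: build option in runtime config (macro only)"
        problems=$((problems + 1))
    done
    if printf '%s\n' "$2" | grep -Eq '^[[:space:]]*arc_sign[[:space:]]*=' &&
       ! printf '%s\n' "$1" | has_arc_support; then
        echo "arc_sign is set but the Support for line does not mention ARC"
        problems=$((problems + 1))
    fi
    return "$problems"
}

preflight "$SAMPLE_BV_NO_ARC" "$SAMPLE_CONF" || echo "problems found: $?"
```

On a real host, pass the output of `exim -bV` as the first argument and the contents of the configuration file as the second.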