Postfix implementation #124
Comments
|
lukas skrev den 2020-01-05 02:17:
I am trying to add this to docker-mailserver [1] which uses postfix.
See #123 [2] for the previous discussion.
I have a first attempt. See here: docker-mailserver/docker-mailserver#1346
(comment) [3]
However, it seems like OpenArc is not doing anything and/or never
being triggered. Any ideas what I am missing?
run dmarc after arc, so dmarc can validate arc, for this to work use
opendmarc from github, i tryed build openarc from github but it
segfaults, very helpfull :(
non_smtp_milters does not make sense to call openarc milter when its
origin sender and dkim signed
cut long story openarc are made only for maillists that breaks dkim
|
You mean like this:
Works for me on arch linux as well as in a Debian 9 docker image
What do you mean by that? |
|
Alright. It seems like it is working. Checking on a message forwarded to google, I can see this: |
|
lukas skrev den 2020-01-05 02:50:
smtpd_milters = $dkim_milter,$arc_milter,$dmarc_milter
non_smtpd_milters = $dkim_milter
yes
> i tryed build openarc from github but it segfaults, very helpfull :(
Works for me on arch linux as well as in a Debian 9 docker image
then its not raw source from github, so i must find real tarballs
please link to the debian sources if it works
> cut long story openarc are made only for maillists that breaks dkim
What do you mean by that?
if none breaked dkim then openarc is completely unnedded
I am forwarding emails from my mailserver to gmail,
forwarding does not break dkim, but maillists does
so I need ARC to
resign the chain and make Gmail
so you see gmail reject dkim signed mails, if you dont arc sealing it ?
not rejecting mails from senders with
strict DMARC policies.
strict is irelevant if dkim is not breaked
|
I do not understand. I am building from master branch. I don't know what you mean by debian sources.
There is a lot of people experiencing something different (including me). Just follow the links I posted. |
|
And when you check the headers as seen on gmail, do you see the ARC chain
continued with i=2 and the AAR listing cv=pass for your i=1 set?
…--Kurt
On Sat, Jan 4, 2020, 18:21 lukas ***@***.***> wrote:
Alright. It seems like it is working. Checking on a message forwarded to
google, I can see this:
ARC-Seal: i=1; a=rsa-sha256; d=domain.com; s=201808; t=1578189874; cv=none; b=[.......]
ARC-Message-Signature: i=1; a=rsa-sha256; d=domain.com; s=201808; t=1578189874; c=relaxed/simple; bh=[...]; h=Received-SPF:MIME-Version:Message-ID:Date:From:To:Subject:
Content-Type:Content-Transfer-Encoding; b=[.......]
ARC-Authentication-Results: i=1; mx0.domain.com; arc=none
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#124?email_source=notifications&email_token=AAGU3SLO7Q7L3PQ4R7RE6NLQ4E74DA5CNFSM4KCY24YKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIDEW4Y#issuecomment-570837875>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGU3SMZ462WC5BD3GWPQKDQ4E74DANCNFSM4KCY24YA>
.
|
|
Hi Kurt But it seems like it is doing something. I mean, I can clearly see the difference between using OpenArc and not using it. Is that a configuration issue or a bug? |
|
The arc=fail with a missing DNS record pretty well explains the problem.
Did you publish the public key for your ARC signing?
…On Sat, Jan 4, 2020, 18:54 lukas ***@***.***> wrote:
Hi Kurt
Nope... I do not see any i=2 :( Also, I see arc=fail (DNS record missing)
So I suppose, it is not working.
But it seems like it is doing something. I mean, I can clearly see the
difference between using OpenArc and not using it.
Is that a configuration issue or a bug?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#124?email_source=notifications&email_token=AAGU3SKKG45L25NMJDFWT23Q4FDV5A5CNFSM4KCY24YKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIDFNZQ#issuecomment-570840806>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGU3SLNRRLZ4UZQAPRI4SDQ4FDV5ANCNFSM4KCY24YA>
.
|
|
Nope, I don't think so. To be honest I have only little idea what I am doing here... Where can/should I publish it? |
|
You need to publish the public key for ARC just like you do for DKIM - and
in the similar path with the selector that you are using for the sealing
…On Sat, Jan 4, 2020, 19:04 lukas ***@***.***> wrote:
Nope, I don't think so. To be honest I have only little idea what I am
doing here... Where can/should I publish it?
And which documentation did I not read? :)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#124?email_source=notifications&email_token=AAGU3SOF5YIGTI6AZSFNFVTQ4FE4NA5CNFSM4KCY24YKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIDF5KY#issuecomment-570842795>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGU3SIB7F3R44TJUNMB4PDQ4FE4NANCNFSM4KCY24YA>
.
|
|
Like this? And what is the domain record? Does that have to do with the selector? For DKIM I have: And where is the docs? Sorry, I am really lost. |
|
In the header example you cited above, the selector is 201808 (s=). You
would publish the ARC sealing key at 201808._domainkey.<domain>. The ARC
selector can, but does not need to be, different from the DKIM selector.
…--Kurt
On Sat, Jan 4, 2020, 19:18 lukas ***@***.***> wrote:
Like this?
v=ARC1; h=sha256; k=rsa; p=[....]
And what is the domain record? Does that have to do with the selector?
For DKIM I have:
mail._domainkey.domain.com
And where is the docs? Sorry, I am really lost.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#124?email_source=notifications&email_token=AAGU3SMUZ4MFNJNW3EACD5LQ4FGRJA5CNFSM4KCY24YKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIDGSOY#issuecomment-570845499>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGU3SJZMCFYYRS6TFWGRULQ4FGRJANCNFSM4KCY24YA>
.
|
|
Does that mean if I use the same selector for ARC and DKIM as well as the same keys, I can use only one TXT record for both? Or do I need to replace |
|
You should be able to use just one record. You can check to see what Google
publishes as a reference (I'm working on dinner so I don't have a real
keyboard right now).
…On Sat, Jan 4, 2020, 19:45 lukas ***@***.***> wrote:
Does that mean if I use the same selector for ARC and DKIM as well as the
same keys, I can use only one TXT record for both? Or do I need to replace
v=DKIM1 with v=ARC1?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#124?email_source=notifications&email_token=AAGU3SPGQATEDP2HPP4YUX3Q4FJVDA5CNFSM4KCY24YKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIDHUSA#issuecomment-570849864>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGU3SMCT63KBDDLLPEGEATQ4FJVDANCNFSM4KCY24YA>
.
|
|
I read in another thread, that I can only use one key for one server. Since I have multiple domains running, I am using the keys of the primary domain. Reusing the record will not work then. (DKIM uses one key each domain) I checked googles record: And set mine accordingly: Now I am getting a Bon appetit! :) |
|
Alright. I think I got it now. @kurta what do you think? This is a forwarded message to gmail. Does this look like OpenARC proper signed the chain and everything is good? Does |
|
Yes, the ARC chain looks good. I'm surprised that there are no DKIM
signatures on the message but that's not critical.
…--Kurt
On Sun, Jan 5, 2020, 07:44 lukas ***@***.***> wrote:
Alright. I think I got it now. @kurta <https://github.com/kurta> what do
you think? This is a forwarded message to gmail. Does this look like
OpenARC proper signed the chain and everything is good?
Does i=2 mean that the chain is 2 steps long?
``
0 = sender
1 = my email server
2 = gmail
ARC-Seal: i=2; a=rsa-sha256; t=1578238460; cv=pass;
d=google.com; s=arc-20160816;
b=Ect8OKiv/DclvqS8CdYEA0dzeqe0IrxsxDGhy+aIqxtDTVhFsQaHHbENfEqC3hxxOz
AXwtTv51Ag43dBE9bg2vNCbhOGb4+3JnOFtPg9vXhF7FpwRbxlGXkPTwvAX7z8u4gzV/
tc/T5ydmk4HqDhXOj4vq1V7icApTUrQf+7eJD1t1yVCds78VxxX7VIkGm6ieQ1jJ94sF
n2DMIqtWAD3TRYzucbJA5GxhsNxWTzimaWtLBg+dOY97T39y8ZNriMknbWOLalwaYefo
UZUKEczxrXb3gGzy2UZscS1qOsS0jraBAGT/iVvvMNI8odTiPWCIMl5uyfMHVzrEQelx
Bj0w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:subject:to:from📅message-id
:mime-version:arc-filter;
bh=pwCRxelulesFS4CeB7c7JkXr7yW4Mx6hmFEr6sYnDiQ=;
b=FwltbwdAOAVvQeJIUscD/6bV5rjxxqmDWuiWjJkWA4W+illmyBjU+cwAHppgQxu4ME
Jq1mu/hJIjbl/nT60kC9cIuWIyOx/fPBSW4knfO/uz6WskBhdV87x6lCVKTxbCARdo8G
IfxS+9IbTdyW21O6dolPX3i5UA/sTwRSM0TM2FKLP1/afh6LFcTgxqGhbf5nZ29lhPXj
B+vIy9uCqjTsklTOQ3U3D9D9ZkEXR/s3TWFic9imHlV2i0MBBfocaMH0R3qmMjiuxfIO
m0y7tsh0TAPqHogDanI6R8hGkXTTV5V8faJGdh9g4oua8F9FHa3NtysbyMitdU+dfrrS
C48g==
ARC-Authentication-Results: i=2; mx.google.com;
arc=pass (i=1);
spf=pass (google.com: domain of srs0=scn3=22=ismyemailworking.com=
***@***.*** designates 111.111.111.111 as permitted sender)
***@***.***"
Return-Path: ***@***.***
Received: from mx0.domain.com (mx0.domain.com. [111.111.111.111])
by mx.google.com with ESMTPS id i14si51706513wrr.238.2020.01.05.07.34.19
for ***@***.***
(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
Sun, 05 Jan 2020 07:34:20 -0800 (PST)
Received-SPF: pass (google.com: domain of srs0=scn3=22=
***@***.*** designates 111.111.111.111 as
permitted sender) client-ip=111.111.111.111;
Authentication-Results: mx.google.com;
arc=pass (i=1);
spf=pass (google.com: domain of srs0=scn3=22=ismyemailworking.com=
***@***.*** designates 111.111.111.111 as permitted sender)
***@***.***"
X-Virus-Scanned: Yes
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=108.60.212.145;
helo=ismyemailworking.com; ***@***.***;
receiver=
Authentication-Results: mx0.domain.com; dmarc=none (p=none dis=none)
header.from=ismyemailworking.com
ARC-Filter: OpenARC Filter v0.1.0 mx0.domain.com D17BA60733
Authentication-Results: mx0.domain.com; arc=none
ARC-Seal: i=1; a=rsa-sha256; d=domain.com; s=201808; t=1578238458;
cv=none;
b=J0U8fGHFuxqnrdq276+3KjUcN6/WrNqIZHULDN4UhK2gw77KnV/RQnzbIkjne7d6VKoAalK08Zw+extVf/BXtKzBdACxgvZV0O7V3/k8EtM43d65jVv/4qAX7mwtXYxkiBEG4MHE9bhDdYfFuoBhUtf+MEESDQQQEMoEift1TbASYECvRI4DBSMl9KVRjHrpIznzc7ZrZbcPhvo1mIiBGezK/wXqTb5ZWpTMrcgS6l3Jlj75+8X7eB0yWNS1naLgUrZamrZtpi73qPry/Rckdqt/YOXfCrx/ZeYMB8LErjE9JzqT56jsqjjXuLnVy3C5fceRxc+YqHTD+0hc7o84sQ==
ARC-Message-Signature: i=1; a=rsa-sha256; d=domain.com; s=201808;
t=1578238458; c=relaxed/simple;
bh=pwCRxelulesFS4CeB7c7JkXr7yW4Mx6hmFEr6sYnDiQ=;
h=Received-SPF:MIME-Version:Message-ID:Date:From:To:Subject:
Content-Type:Content-Transfer-Encoding;
b=Mll/jlcyKqf8SvRnBvX9WhaTR7Z5KtOiDPJHoLnIhRZsn21kJM9U2hunwGHFWHEz7cPCF4vFcnnff9z4Kys6D7LI540K0vG6idutiHMna6201Pu2E+aoaICeVZ/17AUOr7bFYklA3hjeDGmahog9YDq0ZmfWK4bl9Jnw3Q2XB6d+iTHTbrYEBkbzYUzwMJgGOhkwy68dJQ9vYMH2Ibss0wvcaZiRaxpiw9ie3/6kk1jO3tFf2p/8TaowXDTKfw1tzqVn4x7ght7zCm9A2JlCje5f/UAk3BZNkFJlOY3DfeX6+ByOfN+N40xG5j5y81pl4wZddKYwh5yC6ZHp//RSmQ==
ARC-Authentication-Results: i=1; mx0.domain.com; arc=none
Received: from IsMyEmailWorking.com (ismyemailworking.com
[108.60.212.145]) by mx0.domain.com (Postfix) with ESMTP id D17BA60733
for ***@***.***; Sun,
5 Jan 2020 15:34:17 +0000 (UTC)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#124?email_source=notifications&email_token=AAGU3SNP5N75ZFZUH27W6JLQ4H55TA5CNFSM4KCY24YKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIDZRRI#issuecomment-570923205>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGU3SNPZDL5FD2DFA3H5F3Q4H55TANCNFSM4KCY24YA>
.
|
|
I think the issue with the missing DKIM is that |
|
But your forwarder can add its own DKIM signature. I see that it is doing
SRS to address the SPF forwarding breakage.
…On Sun, Jan 5, 2020, 12:43 lukas ***@***.***> wrote:
I think the issue with the missing DKIM is that ismymailworking.com does
not use DKIM for whatever reason. Here is a header from a github-mail
forwarded to my GMail:
Delivered-To: ***@***.***
Received: by 2002:a67:ce12:0:0:0:0:0 with SMTP id s18csp20652289vsl;
Sun, 5 Jan 2020 08:44:54 -0800 (PST)
X-Google-Smtp-Source: APXvYqyxvf4jB0mBR6igvjdHLd1ZfZK+LTIalWYiDEujK/a/uEggQYXSt1y7zqMdMrTM+/qD8bYo
X-Received: by 2002:a5d:5704:: with SMTP id a4mr97989661wrv.198.1578242694748;
Sun, 05 Jan 2020 08:44:54 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1578242694; cv=pass;
d=google.com; s=arc-20160816;
b=w80imn2lasBKiX1jJbV4VIAoOPPLIJtezgcQKkIb6YPyKiWlGfGEJJJ1+yX4rx4kUS
hpK/PKI8EHZzGQnSIB073Ho4PXeZf0w1VxJ2IIMdJdN9Xps/XKP3gkEVNmlllC0Ph/9D
NQ14Rt05nO3eCETGiBfnO8kSCherteBEk8rODnFIBLy82nZR72nANQkixUIcBuhMeyeS
UUl+vZnWsT+M5ppAa3B4noi2Amr92WXVp+NPvk8RRqP2r9vFvY9ReqRwN0SPpVwbeITo
btDcgrtxd8XYDfZqfb/nUV9oEzj+dmHq8cYExx85ggN2D20GEHXW7ZAxOWQyJj2d7Ya6
FTYA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-post:list-archive:list-id:precedence
:content-transfer-encoding:mime-version:subject:references
:in-reply-to:message-id:cc:to:reply-to:from:date:dkim-signature
:arc-filter;
bh=2b7U3dMs52xPA8n8LErBrTLrsTnfHHdnGRtlbTpSPXo=;
b=WJAa97GdiLGB7PHBvGTmySnEHFmAgjm4AaPHvMegHjQxEtvWAQ14AVJRqpIqHAk6E9
32rusXgWk9ogJ/hoqCw83FucIUIMUmWHxZsfz9ynbwDY44+BcKnB65Y1gXNlYUA5gU07
TqB5WTfyVkuP1cTNLkYvBdnX2j/azcZqWlrvua4oZdnuJHISlAvtvnKBO0wA8ONzuZsK
wH+7kK2Uo+6diZSmMDC4/rRld90Veh3u9WrRMZ9AqmBohS5DuEUYPEPeDAWXQFpUQG0x
CeYNtqB5vILTI0U0mN+zH4e/HLQvX18pff4MmIaIkT8CcyQzHxk9FQBLLmuOi78sTpId
/p3A==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass (test mode) ***@***.*** header.s=pf2014 header.b=MGBfrKg6;
arc=pass (i=1 dkim=pass dkdomain=github.com);
spf=pass (google.com: domain of ***@***.*** designates 111.111.111.111 as permitted sender) ***@***.***";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=github.com
Return-Path: ***@***.***>
Received: from mx0.domain.com (mx0.domain.com. [111.111.111.111])
by mx.google.com with ESMTPS id q18si16300906wmg.171.2020.01.05.08.44.54
for ***@***.***>
(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
Sun, 05 Jan 2020 08:44:54 -0800 (PST)
Received-SPF: pass (google.com: domain of ***@***.*** designates 111.111.111.111 as permitted sender) client-ip=111.111.111.111;
Authentication-Results: mx.google.com;
dkim=pass (test mode) ***@***.*** header.s=pf2014 header.b=MGBfrKg6;
arc=pass (i=1 dkim=pass dkdomain=github.com);
spf=pass (google.com: domain of ***@***.*** designates 111.111.111.111 as permitted sender) ***@***.***";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=github.com
X-Virus-Scanned: Yes
X-Spam-Flag: NO
X-Spam-Score: 0.152
X-Spam-Level:
X-Spam-Status: No, score=0.152 tagged_above=-999 required=6.2 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, SURBL_BLOCKED=1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=192.30.252.203; helo=out-20.smtp.github.com; ***@***.***; receiver=<UNKNOWN>
Authentication-Results: mx0.domain.com; dmarc=pass (p=none dis=none) header.from=github.com
ARC-Filter: OpenARC Filter v0.1.0 mx0.domain.com 5F88560736
Authentication-Results: mx0.domain.com; arc=none
ARC-Seal: i=1; a=rsa-sha256; d=domain.com; s=201808; t=1578242692; cv=none; b=Gxz/UoQ/cVYyPpEXRkDqIqJYa174Qts8kUmKjizrNZ6rl/ng9F263wHQwu2DIlqOyrP5mgPhTcpXxDVEOhQ52SRFfh79Iw527gWxP+KdBSHxjC3CfBUrpBvkR4S7DT2zORGxaucbpYYhoS2W83G9q8N2rxoOQix/jbtTNL1nBV/Kc3zmzFBGku/QOgFFI7IvAnygbmBmER/HIN57RRw8WdXsGFVbBiD9JIGMqE92TP7wPqBFRuBiKFp9h3ZywQkAOG8CPYn641koFtIJw2k1yNoxyEBaC86m+WGlmKLspwLF+njekkRSQT1RqCpaHd4W85NiGA2vu/h65pYmn84oaA==
ARC-Message-Signature: i=1; a=rsa-sha256; d=domain.com; s=201808; t=1578242692; c=relaxed/simple; bh=OeHAFYgpfq7hdCzWfH7qcEpoznna+XievF6VcPWm9nk=; h=Received-SPF:Received:DKIM-Signature:Date:From:Reply-To:To:Cc:
Message-ID:In-Reply-To:References:Subject:Mime-Version:
Content-Type:Content-Transfer-Encoding:Precedence:X-GitHub-Sender:
X-GitHub-Recipient:X-GitHub-Reason:List-ID:List-Archive:List-Post:
List-Unsubscribe:X-Auto-Response-Suppress:
X-GitHub-Recipient-Address; b=DNYPK11+PTPjy9gAEDA6Ohv/ZuIShlLyKuiwyXLk/xT/ud4rbluYWXYj5xCVUh4A2YyakVg9lFsLvi4uwlTEaQmnl+juufvHKHQIfj3NQzH0JLOsiQiy2LDNBfHuTpYIiobyG0OrfilOstwnXwMgp5jy9M//ZfW6aYQ7mweIROzUay+tYmaV0BzV9OaPzrRP5rq66/exRudpXVmpLboiwKQ+6hJOiYNPkHeTD3sqy25yqAfEbEUT3aaikVTK+84I9nvgTix7o98dtTeat7D0rmV0fm2vzIuDhjd0H9cBSpLu4Gc/WJKhSq5uPWOKOUXj6w0njlij1h09IBkCLURZXw==
ARC-Authentication-Results: i=1; mx0.domain.com; dkim=pass (1024-bit key; unprotected) header.d=github.com ***@***.*** header.b=MGBfrKg6; dkim-atps=neutral; arc=none
Authentication-Results: mx0.domain.com; dkim=pass (1024-bit key; unprotected) header.d=github.com ***@***.*** header.b="MGBfrKg6"; dkim-atps=neutral
Received: from out-20.smtp.github.com (out-20.smtp.github.com [192.30.252.203]) by mx0.domain.com (Postfix) with ESMTPS id 5F88560736 for ***@***.***>; Sun,
5 Jan 2020 16:44:52 +0000 (UTC)
Received: from github-lowworker-2ef7ba1.ac4-iad.github.net (github-lowworker-2ef7ba1.ac4-iad.github.net [10.52.16.66]) by smtp.github.com (Postfix) with ESMTP id 240778C006D for ***@***.***>; Sun,
5 Jan 2020 08:44:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1578242685; bh=2b7U3dMs52xPA8n8LErBrTLrsTnfHHdnGRtlbTpSPXo=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID:
List-Archive:List-Post:List-Unsubscribe:From; b=MGBfrKg6xqJYkiUEeWu4xGmQoT9B8FF3VBqieeezmORCcz/Z0fdpmqOSD5J/p/DgZ
2WTcJOi8/2IYtHElmKfyGwrjNCUPdLX+5R0AnNbquLvPeE1f/HNCzdPKoaGYuS5g1V
9POlREWMk/2amPNL02bFOQEGG+qd79QJJdo5B8rw=
Date: Sun, 05 Jan 2020 08:44:45 -0800
From: kurta ***@***.***>
Reply-To: "trusteddomainproject/OpenARC" ***@***.***>
To: "trusteddomainproject/OpenARC" ***@***.***>
Cc: lukas ***@***.***>, Author ***@***.***>
Message-ID: ***@***.***>
In-Reply-To: ***@***.***>
References: ***@***.***>
Subject: Re: [trusteddomainproject/OpenARC] Postfix implementation (#124)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e12127d14d92_23e43ff2adacd96c527667"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kurta
X-GitHub-Recipient: mindrunner
X-GitHub-Reason: author
List-ID: trusteddomainproject/OpenARC <OpenARC.trusteddomainproject.github.com>
List-Archive: https://github.com/trusteddomainproject/OpenARC
List-Post <https://github.com/trusteddomainproject/OpenARCList-Post>: ***@***.***>
List-Unsubscribe: ***@***.***>, <https://github.com/notifications/unsubscribe/AAKZDJWRBNIM2LGPQWHY77TQ4IE73ANCNFSM4KCY24YA>
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: ***@***.***
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#124?email_source=notifications&email_token=AAGU3SJQMXBR6CDCQQOUJCDQ4JBATA5CNFSM4KCY24YKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEID7CUA#issuecomment-570945872>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGU3SOQEDWE7KQ734R4UQDQ4JBATANCNFSM4KCY24YA>
.
|
|
@mindrunner I am trying to do the same thing, forward email to google. As it seems you have it working, can you give us some more details on how you did it? Thanks! |
I assumed it is doing that and the setting for this is in postifx's Do you see any issue with this setup? Is my mailserver not adding it's signature? Sorry, I am still not super confident in reading mail headers.
Yes, SRS is activated! :)
@gkohri Sure, happy to assist. However, maybe you could ask more precisely what you need. |
|
When I forward an email to google, this is what I see at the top of the chain: Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 36.250.17.15 as permitted sender) client-ip=36.250.17.15; So, yes, the software is producing a ARC chain, but google seems not to like it. |
|
Please tell us more about your whole setup. Also please post full Email headers from Google! :) |
|
Solved it. Perhaps it was my bad. I thought that with ARC we no longer needed SRS, but we do. |
|
On 2020-01-13 02:48, Greg Kohring wrote:
Solved it. Perhaps it was my bad. I thought that with ARC we no longer
needed SRS, but we do.
ARC requires trust between the two parties. An ARC signature can be
faked.
|
This was referenced Jan 13, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am trying to add this to docker-mailserver which uses postfix.
See #123 for the previous discussion.
I have a first attempt. See here: docker-mailserver/docker-mailserver#1346 (comment)
However, it seems like OpenArc is not doing anything and/or never being triggered. Any ideas what I am missing?
The text was updated successfully, but these errors were encountered: