ARC-Authentication-Results, openarc not working correctly, RHEL7 #164

Open
wol4arishe opened this issue Jun 6, 2023 · 5 comments

@wol4arishe

Dear all,

Installed openarc RPM on RHEL7.
Sent test mail from gmail.com. Unfortunately, ARC-Authentication-Results shows the wrong result.
No errors in logs.
If you have ideas, please help!

rpm -qa|grep openarc

openarc-1.0.0-0.1.Beta0.el7.x86_64
libopenarc-1.0.0-0.1.Beta0.el7.x86_64

Headers:

Authentication-Results: lsa-mx2.dmz.baltic.seb.net; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: lsa-mx2.dmz.baltic.seb.net; spf=pass smtp.mailfrom=gmail.com
Authentication-Results: lsa-mx2.dmz.baltic.seb.net; arc=none smtp.client-ip=209.85.221.52
ARC-Seal: i=1; a=rsa-sha256; d=seb.ee; s=sebmail; t=1686037177; cv=none; b=I1htSuVMrX5iemDLKOg1ydh5nSDSVCQ7tjxFsjrDzt9HDfTKIkkPLFiahysFGkL9kvE7bmf+01PhSEGPUUcNLWMMlCMoawJbn1/GSh68+69KRw+vRHTq2LoHiCSllB9ezZ+8b1wnQxP/WH14j7VAOSrf1yk5CabccE04hf6j0f0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=seb.ee; s=sebmail; t=1686037177;
c=relaxed/simple; bh=9toZLEb80E64FHGFPxjhWaXZy/evVVoz/Y6G/YoH1Ds=;
h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=idXx7z1WiHIRboZUsXPDxFwPCXK8/so98c7qFP6AOavnBJL4lCFau6s0It7k77pmP7eXSuvgNXD2Khxde0wgIK41zX92ukZgHzzn84Xe/Ofc6xpNeo5D3DGIRAemGHHOGeaaVZ63PauvaIkm6bHfi9/lGFgjMLTLSHJ+RV6BRGw=
ARC-Authentication-Results: i=1; hostname.domain.net; arc=none smtp.client-ip=209.85.221.52

Config:

cat /etc/openarc.conf

# See openarc.conf(5) or /usr/share/doc/openarc-1.0.0/openarc.conf.sample for more

PidFile /var/run/openarc/openarc.pid
Syslog yes
#Umask 002
UserID openarc:openarc
Socket inet:8894@localhost

# After setting Mode to "sv", running
# opendkim-genkey -D /etc/openarc -s key -d phx2.fedoraproject.org
# and putting /etc/openarc

Mode sv
Canonicalization relaxed/simple
#Canonicalization relaxed/relaxed
Domain xxx.ee
#...Selector outmail
Selector sebmail
#...KeyFile /etc/openarc/xxx.ee/default.private
KeyFile /etc/openarc/xxx.ee/sebmail.private
SignatureAlgorithm rsa-sha256

SignHeaders to,subject,message-id,date,from,mime-version,dkim-signature,arc-authentication-results
MilterDebug 6

Kind regards,
Arturs Kornejevs

@xpunkt

xpunkt commented Jun 6, 2023 via email

@wol4arishe
Author

@xpunkt Many thanks for support!

Removed dkim-signature and arc-authentication-results as you recommended. Unfortunately, the result is the same.

Authentication-Results: lsa-mx2.dmz.baltic.seb.net; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: lsa-mx2.dmz.baltic.seb.net; spf=pass smtp.mailfrom=gmail.com
Authentication-Results: lsa-mx2.dmz.baltic.seb.net; arc=none smtp.client-ip=209.85.128.50
ARC-Seal: i=1; a=rsa-sha256; d=seb.ee; s=sebmail; t=1686054843; cv=none; b=PNKP38w++mBvv05iI5YVyuKNNHpUuyOEE4VTnWuxo/h8+mY8XJy1wGrBeEovSFOyXVatuCNvekiffXAec6Yv5Q4DPCEvTni6ho6UVApKXLG80gbYwtlZx09yR6s4DbBbcNw6I9d4VxBN4ya3Y/ElQk+HdMdSWjssOwAPIhYDwjM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=seb.ee; s=sebmail; t=1686054843;
c=relaxed/simple; bh=xl1eDZXXrgNYbI0T/nO7Dvx7tNOWFe7hyMlVtnZjgqo=;
h=MIME-Version:From:Date:Message-ID:Subject:To; b=efvxtYpDHsdqnuMEZ5MPSx34J6r8G5sCr8jfiiV0jPUTM8Dwxz9GhQVdKMCs2VP76uM3GFCXBmjQPuGXpj1E7Kna6qSmsB0axPjdYbNIqH++seW8T7K+oJL6U65ovP5P4MI1yvYXJX7TYTGYo9b3dpRcF7SE4T0JqJeRjEGE/3U=
ARC-Authentication-Results: i=1; lsa-mx2.dmz.baltic.seb.net; arc=none smtp.client-ip=209.85.128.50

Maybe the problem is related to the DKIM, DMARC, OpenARC milter sequence in Postfix /etc/postfix/main.cf?
Currently OpenARC is configured after DKIM and before DMARC:

8891 = opendkim, 8893 = opendmarc, 8894 = openarc

smtpd_milters = inet:localhost:8891, inet:127.0.0.1:8894, inet:127.0.0.1:8893

Kind regards,
Arturs Kornejevs

@futatuki

smtpd_milters = inet:localhost:8891, inet:127.0.0.1:8894, inet:127.0.0.1:8893

In the EOM (end of message) and EOH (end of header) milter protocol stages [1], Postfix calls milters in the order described in the smtpd_milters setting [2]. So the former milters cannot get the headers added by the latter milters.

[1] libmilter/docs/overview.html in sendmail source (e.g. https://fossies.org/linux/sendmail/libmilter/docs/overview.html)
[2] Postfix before-queue Milter support https://www.postfix.org/MILTER_README.html

@xpunkt

xpunkt commented Sep 11, 2024

Is lsa-mx2.dmz.baltic.seb.net trusted in all milters?

Are all local IPs trusted in all milters?

Are all WAN IPs known by all milters?

The best order of your milters is correct, but trust might fail in opendmarc; this is not a bug then, it's a config error so

For more help I need a sample email which I test in spamassassin with authres; I don't trust rspamd :=)

@futatuki

The order should be opendkim -> opendmarc (because it depends on AR from opendkim) -> openarc (for AAR, depends on AR from opendkim and AR from opendmarc).

However the order described above is opendkim -> openarc -> opendmarc, thus openarc cannot get the results of opendmarc.
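
The two checks this thread turns on, as an added example that is not part of the original issue or of the OpenARC project's code: compare the results in the local Authentication-Results headers with what the ARC-Authentication-Results header carries, and list the milters Postfix calls after openarc. The sample message is constructed from the second set of headers in the report, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: second set of headers from the report; ARC-Seal and
# ARC-Message-Signature omitted because only the result headers are compared.
SAMPLE = (
    "Authentication-Results: lsa-mx2.dmz.baltic.seb.net; dmarc=pass (p=none dis=none) header.from=gmail.com\n"
    "Authentication-Results: lsa-mx2.dmz.baltic.seb.net; spf=pass smtp.mailfrom=gmail.com\n"
    "Authentication-Results: lsa-mx2.dmz.baltic.seb.net; arc=none smtp.client-ip=209.85.128.50\n"
    "ARC-Authentication-Results: i=1; lsa-mx2.dmz.baltic.seb.net; arc=none smtp.client-ip=209.85.128.50\n"
    "\nbody\n"
)
# Port-to-milter mapping and smtpd_milters value as given in the report.
PORTS = {"8891": "opendkim", "8893": "opendmarc", "8894": "openarc"}
REPORTED = "inet:localhost:8891, inet:127.0.0.1:8894, inet:127.0.0.1:8893"

def parse_results(value):
    """Return (authserv_id, {method: result}) for an A-R or AAR header value."""
    parts = [p.strip() for p in re.sub(r"\([^()]*\)", "", value).split(";")]
    parts = [p for p in parts if p and not re.match(r"i\s*=", p)]  # drop AAR i= tag
    if not parts:
        return "", {}
    found = (re.match(r"([\w-]+)\s*=\s*(\w+)", p) for p in parts[1:])
    return parts[0].split()[0].lower(), {m[1].lower(): m[2].lower() for m in found if m}

def missing_from_aar(raw, instance=1):
    """Results the local authserv-id put in A-R headers but the AAR lacks."""
    msg = message_from_string(raw)
    aar = [v for v in msg.get_all("ARC-Authentication-Results", [])
           if re.match(rf"\s*i\s*=\s*{instance}\s*;", v)]
    if not aar:
        raise ValueError(f"no ARC-Authentication-Results with i={instance}")
    aar_id, sealed = parse_results(aar[0])
    seen = {}
    for v in msg.get_all("Authentication-Results", []):
        authserv, results = parse_results(v)
        if authserv == aar_id:  # only compare results from the same server
            seen.update(results)
    return {m: r for m, r in seen.items() if sealed.get(m) != r}

def milters_after_openarc(smtpd_milters, ports=PORTS):
    """Milters Postfix calls after openarc, whose headers openarc cannot see."""
    entries = [e for e in re.split(r"[,\s]+", smtpd_milters.strip()) if e]
    order = [ports.get(e.rsplit(":", 1)[-1], e) for e in entries]
    return order[order.index("openarc") + 1:] if "openarc" in order else []

if __name__ == "__main__":
    print(missing_from_aar(SAMPLE))
    print(milters_after_openarc(REPORTED))
```

A non-empty result from either function means the ARC set was sealed without some of the results the same host reported in its own Authentication-Results headers.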
