Re: [exim] ARC signing and verification

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] ARC signing and verification
On 20/04/2020 14:33, Tom Crane via Exim-users wrote:
>     I am attempting to configure my server (exim-4.92.3) to ARC
> (Authenticated Received Chain) sign and possibly also verify messages.


There's been several ARC-related fixes since then; I suggest you
consider moving closer to the bleeding-edge.

> I already DKIM sign messages which verify on external receiving MTAs
> when the sender address is in my local domain.  The server also
> maintains a set of distribution lists expanded from aliases.  Some of
> the senders to these distribution lists are outside my local domain
> which breaks DKIM verification, which is why I want to try ARC signing.
>
> I accept ARC is a new, experimental feature in EXIM but the
> documentation in doc/experimental-spec.txt is very brief.  The thing I
> really need is some simple worked example configurations.
>
> Ideally I just need to check whether an incoming message was for one of
> my distribution lists and if so ARC sign it.
>
> Currently I have tried this simple configuration,
>
> remote_smtp:
>   driver = smtp
>   dkim_domain = $sender_address_domain
>   dkim_selector = selector3
>   dkim_private_key = /etc/exim/dkim/selector3.pem
>   dkim_canon = relaxed
>
> EXPERIMENTAL_ARC=yes
> arc_sign = $primary_hostname : selector3 : /etc/exim/dkim/selector3.pem


The line "EXPERIMENTAL_ARC=yes" needs to go in the Local/Makefile
for the build of exim. You need to build your own, if you are not
using a distro that does.

The current "experimental-spec.txt" says:
"Enable using EXPERIMENTAL_ARC=yes in your Local/Makefile".

It does not need to go in your config. What you have there is a
macro definition (and likely never used).

> but exim fails to start with "Exim configuration error in line XXX"
> "transport name missing"
>
> where line XXX is the 'arc_sign = ' line.
>
> What am I doing wrong?


Check the "Support for" line from "exim -bV". If it doesn't mention ARC
then you are running a build without ARC. I suspect this is the case.
--
Cheers,
Jeremy
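
The two checks from the reply above, written out as an added shell example; it is not part of the original message or of Exim. The `exim -bV` text and config lines embedded in it are constructed samples, the function names are hypothetical, and it assumes the feature appears in the "Support for" line as a token named ARC or ending in _ARC.

```shell
#!/bin/sh
# Added example; the exim -bV text and config lines below are constructed samples.

# Reads `exim -bV` output on stdin. Exit 0: the "Support for:" line lists ARC.
# Exit 1: the line is present but has no ARC token. Exit 2: no such line.
# Assumption: the feature shows up as a token named ARC or ending in _ARC.
arc_supported() {
    awk '
        /^Support for:/ {
            seen = 1
            for (i = 3; i <= NF; i++)
                if ($i ~ /^([A-Za-z]+_)?ARC$/) found = 1
        }
        END {
            if (!seen) exit 2
            exit (found ? 0 : 1)
        }'
}

# Reads an Exim runtime config on stdin and prints "lineno:text" for lines that
# define EXPERIMENTAL_ARC as a macro. That setting is a build-time option for
# Local/Makefile; in the runtime config it only defines an unused macro.
stray_build_macro() {
    grep -nE '^[[:space:]]*EXPERIMENTAL_ARC[[:space:]]*='
}

sample_bv_no_arc() { cat <<'EOF'
Exim version 4.92.3 #1 built 01-Jan-2020 00:00:00
Support for: crypteq IPv6 OpenSSL Content_Scanning DKIM DNSSEC Event PRDR
EOF
}

sample_bv_with_arc() { cat <<'EOF'
Exim version 4.92.3 #1 built 01-Jan-2020 00:00:00
Support for: crypteq IPv6 OpenSSL Content_Scanning DKIM DNSSEC Event PRDR Experimental_ARC
EOF
}

sample_config() { cat <<'EOF'
EXPERIMENTAL_ARC=yes
arc_sign = $primary_hostname : selector3 : /etc/exim/dkim/selector3.pem
EOF
}

sample_bv_with_arc | arc_supported && echo "build has ARC"
sample_bv_no_arc | arc_supported || echo "build lacks ARC: rebuild with EXPERIMENTAL_ARC=yes in Local/Makefile"
sample_config | stray_build_macro | sed 's/^/build-time setting in runtime config, line /'
```

On a real host, pipe `exim -bV` into `arc_supported` and feed the runtime configuration file to `stray_build_macro` on stdin.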