Re: [exim] ARC signing and verification

Author: Tom Crane
Date:  
To: Tom Crane via Exim-users
CC: Tom Crane
Subject: Re: [exim] ARC signing and verification

On Tue, 21 Apr 2020, Tom Crane via Exim-users wrote:

> On Mon, 20 Apr 2020, Jeremy Harris via Exim-users wrote:
>
>> On 20/04/2020 14:33, Tom Crane via Exim-users wrote:
>>>     I am attempting to configure my server (exim-4.92.3) to ARC
>>> (Authenticated Received Chain) sign and possibly also verify messages.
>>
>> There's been several ARC-related fixes since then; I suggest you
>> consider moving closer to the bleeding-edge.
>
>
> I will do so. exim-4.93.tar.bz2 looks like the latest stable release to
> build.


I spent many hours unsuccessfully trying to build exim-4.93 on SLC6 (RHEL6
derivative). It appears to need a large number of patches, as there are
in the EPEL distro's rpmbuild script for exim-4.92.3.

I gave up and enabled ARC using the system's current exim-4.92.3 rpmbuild
system. The initial/testing (exim.conf) configuration I have now is,

acl_check_data:
   warn    verify = arc
   warn    logwrite = arc_state: <$arc_state>
           condition = ${if def:arc_state_reason}
           logwrite = reason: <$arc_state_reason>
   accept  add_header = :at_start:${authresults {$primary_hostname}}
   ...

remote_smtp:
   driver = smtp

   dkim_domain = $sender_address_domain
   dkim_selector = selector3
   dkim_private_key = /etc/exim/dkim/selector3.pem
   dkim_canon = relaxed
   arc_sign = $primary_hostname : selector3 : /etc/exim/dkim/selector3.pem
   ...


Now I get "ARC: no Authentication-Results header for signing" logs for
each email processed in /var/log/exim/main.log and no emails get any ARC-*
header fields added or an added "Authentication-Results:" field.

From the experimental-spec.txt file,

     Caveats:
      * There must be an Authentication-Results header, presumably added by an ACL
        while receiving the message, for the same ADMD, for arc_sign to succeed.
        This requires careful coordination between inbound and outbound logic.


Is this the reason I get no ARC-* header added? If so why is the above
add_header statement not doing so?

Thanks
Tom Crane
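
The condition in the caveat quoted above can be tested on a copy of a message as it stands after the inbound ACLs have run. This Python check is an added example, not part of the original post and not Exim's own logic: it reports whether a message carries an Authentication-Results header whose authserv-id equals the ADMD given to arc_sign, and distinguishes a missing header from one written by another ADMD. The hostnames and sample messages are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

def strip_comments(value):
    """Drop RFC 5322 (comments), innermost first so nested ones go too."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def authserv_ids(raw_message):
    """Return the authserv-id of every Authentication-Results header field."""
    msg = message_from_string(raw_message)   # header section only; body is ignored
    ids = []
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\r?\n[ \t]+", " ", value)   # unfold continuation lines
        head = strip_comments(value).split(";", 1)[0].split()
        if head:   # head[0] is the authserv-id; head[1], if present, the version
            ids.append(head[0].strip('"').lower())
    return ids

def diagnose(raw_message, admd):
    """'ok', 'missing' (no header at all) or 'other-admd' (header from another ADMD)."""
    ids = authserv_ids(raw_message)
    if not ids:
        return "missing"
    return "ok" if admd.lower() in ids else "other-admd"

# Constructed sample messages; all hostnames are placeholders.
NO_AR = "From: a@example.net\nSubject: t\n\nAuthentication-Results: in body only\n"
FOREIGN = ("Authentication-Results: mx.other.example; spf=pass smtp.mailfrom=example.net\n"
           "From: a@example.net\n\nbody\n")
FOLDED = ("Authentication-Results: mx.example.org (constructed) 1;\n"
          "\tdkim=pass header.d=example.net\n"
          "From: a@example.net\n\nbody\n")

if __name__ == "__main__":
    # Assumption: mx.example.org stands in for the value $primary_hostname expands to.
    for name, raw in (("NO_AR", NO_AR), ("FOREIGN", FOREIGN), ("FOLDED", FOLDED)):
        print(name, diagnose(raw, "mx.example.org"), authserv_ids(raw))
```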