[exim] Re: ARC: How to verify OUTBOUND arc signing for local…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Bill Cole
Date:  
À: Jeremy Harris via Exim-users
Sujet: [exim] Re: ARC: How to verify OUTBOUND arc signing for locally generated messages
On 2024-02-09 at 09:38:27 UTC-0500 (Fri, 9 Feb 2024 14:38:27 +0000)
Jeremy Harris via Exim-users <jgh@???>
is rumored to have said:

> On 2/9/24 14:09, Bill Cole via Exim-users wrote:
>>> Should I add an Authentication-Results header for mail coming in via
>>> 587?
>>
>> NO.
>>
>>> Or am I misusing/abusing ARC?
>>
>> That.
>>
>> ARC is for forwarding systems.
>
> Probably per the real intent of ARC, yes.
>
> But it's technically possible to regard what an MSA does
> as "forwarding", and you could reasonably add an AR on
> reception on 587 to label whatever exim did to authenticate
> the client (eg. an SMTP AUTH method such as PLAIN) -
> and initiate an ARC chain using that.


Ewww. :)

There's already a widespread mechanism in broad use for tagging a
message as having used SMTP AUTH at a particular MTA: 'ESMTP[S]A' in the
relevant Received header. Some systems even put the authentication
identity there. I expect that any automated system looking for
indicators of authentication at a SMTP/Submission "hop" will already be
relying on that rather than looking for an AR header. BICBW



--
Bill Cole
bill@??? or billcole@???
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/