Open pcolmer opened 2 years ago
+1
I'm also finding the same with Outlook.com. I've tried all the patches I can find, and it's still showing an ARC fail.
Just to add that I've also just tried with Zoho, and that appears to be showing valid ARC signatures. That's with my locally-patched version of OpenARC though, so it's possible I've applied something that fixes the original problem.
@pcolmer @rdemendoza - are you still having problems with Zoho?
I'm trying to get ARC set up on a Mailman 3 server. I'm using Postfix as the MTA and OpenDKIM for the DKIM piece. As ARC sealing needs to happen after signatures, I've installed OpenARC rather than using the functionality in Mailman 3 (since the latter would result in sealing before signatures).
I've been sending and receiving emails from a Zoho Mail mailbox, partly because that seems to give me clearer headers but the upshot is that Zoho claims that the ARC signature from OpenARC is invalid.
I've changed domains and IP addresses.
In
/etc/openarc.conf
, I've defined:I mostly followed the instructions I found at https://weber.fi.eu.org/blog/Informatique/openarc_with_postfix_on_debian_10.html?lang=en so I'm not sure if items like
OversignHeaders
are correct or not.Edited to add:
Reading the man page for
openarc.conf
, I read this part for "OversignHeaders": "Note that listing a field name here and not listing it in the SignHeaders list is likely to generate invalid signatures." Since I wasn't defining anything for "SignHeaders", I've commented out the definition for "OversignHeaders", restarted OpenARC and sent another test. Unfortunately, Zoho still reports a "Bad Signature".Edited: I've switched to the
develop
branch of OpenARC and incorporated the changes from https://github.com/trusteddomainproject/OpenARC/pull/145, https://github.com/trusteddomainproject/OpenARC/pull/141 and https://github.com/trusteddomainproject/OpenARC/pull/121. I've updated the headers above to reflect a test performed after changing the OpenARC code. Unfortunately, Zoho still says the signature is bad.Edited: I've tried explicitly setting SignHeaders (to
SignHeaders to,subject,message-id,date,from,mime-version,dkim-signature,arc-authentication-results
) but that didn't help either.