Hi, I'm using postfix-3.8.5 on fedora40 and having a problem with forwarding mail from our relay to gmail recipients. We have some users using ~/.forward files to individual gmail accounts. Obviously not ideal, but I hoped openarc could help alleviate some of those problems.
Aug 3 17:01:48 cipher postfix-gmail/smtp[478730]: 9415A3D59D: host gmail-smtp-in.l.google.com[142.251.179.26] said: 421-4.7.26 Your email has been rate limited because it is unauthenticated. Gmail 421-4.7.26 requires all senders to authenticate with either SPF or DKIM. 421-4.7.26 421-4.7.26 Authentication results: 421-4.7.26 DKIM = did not pass 421-4.7.26 SPF [clclodging.com] with ip: [209.216.111.60] = did not pass 421-4.7.26 421-4.7.26 For instructions on setting up authentication, go to 421 4.7.26 https://support.google.com/mail/answer/81126#authentication 6a1803df08f44-6bb9c83f500si53204456d6.247 - gsmtp (in reply to end of DATA command) Gmail doesn't recognize the above as a forwarded email, so DKIM and SPF fail. Will openarc solve the issue above with authentication failure? Here is my openarc.conf: PidFile /run/openarc/openarc.pid Syslog yes UserID openarc:openarc Socket local:/run/openarc/openarc.sock Mode sv SignHeaders to,subject,message-id,date,from,mime-version,dkim-signature PeerList /etc/openarc/PeerList MilterDebug 1 AuthservID cipher.example.com Canonicalization relaxed/simple Domain mail.example.com InternalHosts /etc/openarc/TrustedHosts KeyFile /etc/openarc/keys/example.com/default FinalReceiver yes Selector default Here is a message like the one above. It says the DKIM signing key for hotelplanner.com was too small? The "cv=none" indicates my server ( mail.example.com) was unable to locate an ARC chain to validate? ARC-Seal: i=1; a=rsa-sha256; d=mail.example.com; s=default; t=1722724259; cv=none; b=fOYv8Kqb6qKgdKewEx25qkFRyWD9KtaUPDn7w59/sqLWtL1aNNQ6OJtn9baAeF512/zP0y8dCpk9O0WifqObfjOJqv+mekC2Zg6qUJeKV0vDcWAiUihZ8vzWJSWIprAUVogVHY/3KodK99EceZDqDGsRVI3lGQzx1s/3EN2PLWc= But it was able to add its own ARC message, it appears: ARC-Message-Signature: i=1; a=rsa-sha256; d=mail.example.com; s=default; t=1722724259; c=relaxed/simple; bh=RnZKEmC2EEAMNOzvw+eIxkLYVgp2xb6lRNdcxiooPwY=; h=DKIM-Signature:Date:From:To:Message-ID:Subject:MIME-Version; b=s9SviFMfjkc5O35u5m9bmB3M2cdpUoD+kewzbfREmir9zuIYX/R/i8VjwDvA6qsvinXTy25tZjork4PJLp5fPC5mYMMCFrGHbQeOR/YtBrj0uY7SWr7JeVax8/8VEmwxZN291AxJpRXufQOwRqrrperI17Fj+dJ8Db4vknnPuS4= ARC-Authentication-Results: i=1; cipher.example.com; dkim=policy (512-bit key, unprotected) header.d=hotelplanner.com header.i=@hotelplanner.com header.a=rsa-sha256 header.s=HotelPlanner header.b=Eh3MZYHI reason="signing key too small" As well as DKIM sign the message: DKIM-Filter: OpenDKIM Filter v2.11.0 cipher.example.com E73BC3F217 Authentication-Results: cipher.example.com; dkim=policy reason="signing key too small" (512-bit key, unprotected) header.d=hotelplanner.com header.i=@hotelplanner.com header.a=rsa-sha256 header.s=HotelPlanner header.b=Eh3MZYHI Thanks for any guidance. Alex
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org