Re: Authenticated Receive Chain (ARC Sealing) in Postfix?

Mon, 02 Jan 2023 13:26:39 -0800 

On 1/2/23 15:32, Cooper, Robert A wrote:
I have a request from my downstream Exchange admins to look into implementing ARC sealing in some postfix relay servers we use for address rewriting.  From the bit of research I've done,  it looks like this would require being implemented in an external milter.  I had not even heard of ARC before today; it looks like it's an experimental RFC from 2019 that Microsoft and Google have implemented in their systems. Does anyone have experience with ARC or how to set it up with postfix? 



ARC is not really relevant to most MTAs as such.  ARC exists to solve 
the problem of authenticating mail that contains remailed messages, i.e. 
principally mailing lists, which almost universally break DMARC just as 
a simple matter of the nature of the beast.


Quoting Wikipedia,


Authenticated Received Chain (ARC) is an email authentication system 
designed to allow an intermediate mail server like a mailing list or 
forwarding service to sign an email's original authentication results. 
This allows a receiving service to validate an email when the email's 
SPF and DKIM records are rendered invalid by an intermediate server's 
processing.[1]


(https://en.wikipedia.org/wiki/Authenticated_Received_Chain)


To the best of my knowledge, Postfix itself does not internally support 
ARC, because it doesn't need to in any normal Postfix use case.  On the 
other hand, Sympa (the mailing list manager I use) needs to, and does.



The most I can offer in the edge case you have is that I am aware of the 
existence of something called OpenARC.  I've never tried it and can't 
give any advice about configuring it, but it does exist and is deployed 
as a milter.  So maybe look at OpenARC.  You'll find a host of links to 
other irrelevant things — companies, compilers, recruiting firms, 
second-hand frobnitz dealers — also called OpenArc, but this is probably 
a good place to start:


https://github.com/trusteddomainproject/OpenARC



--
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958























					Reply via email to