> On Jan 2, 2023, at 4:20 PM, raf <post...@raf.org> wrote:
>
> On Mon, Jan 02, 2023 at 08:32:42PM +0000, "Cooper, Robert A"
> <racoo...@tamu.edu> wrote:
>
>> I have a request from my downstream Exchange admins to look into
>> implementing ARC sealing in some postfix relay servers we use for
>> address rewriting. From the bit of research I've done, it looks like
>> this would require being implemented in an external milter. I had not
>> even heard of ARC before today; it looks like it's an experimental RFC
>> from 2019 that Microsoft and Google have implemented in their systems.
>> Does anyone have experience with ARC or how to set it up with postfix?
>>
>> Thanks
>> RobertC
>
> You could look into OpenARC (https://github.com/trusteddomainproject/OpenARC).
> I was under the impression that it wasn't finished, but I think that's wrong.
> I've heard of people using it. It's written by the same group that wrote
> OpenDKIM.
My dayjob is using openarc to seal our mailman mailing list traffic — and
google at least seems to recognize that the seals are valid (this does not mean
that they “trust” it more, just that it validates).
There was some discussion on bind-users that starts here:
https://lists.isc.org/pipermail/bind-users/2022-September/106612.html
Although due to mailman’s archiving being dumb, there’s one more reply here:
https://lists.isc.org/pipermail/bind-users/2022-October/106746.html
I will note that we run our messages though openARC at both the point where
mail enters our network (at our border MXes) as well as on our mailman
machines, which applies a seal both as a message enters, and exits. This is
the way the received chain is supposed to work.
Hope it helps, or at least demystifies?
-Dan
