Support ARC signing of outgoing messages #3
Comments
|
Hi! Thanks for the interest, sadly I'm swamped with work until next Wednesday 29 January, I'll have to read your tickets in detail then. Renewing my mail server setup is due so those are welcome. One thing that had gone through my mind is to rewrite the code in Rust (I'm big into Rust now), but if everything is well set up for Perl I guess I'll just keep it that way. |
|
No rush - five years go by in a flash :) Anyway, for the stuff I've proposed, I think just altering the existing Perl code would be easier - especially since everything needed should already be supported by the libs in use. |
While there is already semi-support for SRS to handle forwarding failures due to SPF, there is not yet any support for ARC, which can do the same for DMARC. This would be very nice to have, and could be reasonably easy to implement. It's also arguably a cleaner approach than SRS.
Mail::DKIM already supports ARC, so messages could be signed using
Mail::DKIM::ARC::Signerinstead of (or rather in addition to)Mail::DKIM::Signer. Given that you're already using this module, this is likely the easiest option.Currently I'm using an approach similar to https://github.com/mbirth/mail-arc but not actually using this script (as I couldn't get it to work). Instead I use the standalone
arcsignwrapper from the dkimpy library (python3-dkimpackage in Debian), initiated in.qmailfiles like this:|arcsign $SELECTOR $DOMAIN $KEY $HOSTNAME | forward <ADDRESS>(where the variables mostly come from a small wrapper script I use around arcsign instead of it directly).It might also be possible to use
rspamadmfrom theRspamdpackage for signing, but I haven't gotten this working yet.Since better-qmail-remote is already wrapping qmail-remote, this would be a more obvious place to handle ARC signing. It would likely lead to a simpler setup, and could also potentially handle things more dynamically.
The text was updated successfully, but these errors were encountered: