ARC: cutthrough delivery may not be used with ARC signing

3 files changed, 7 insertions, 2 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9a05c3471..61fd30bf8 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -163,6 +163,7 @@ PP/02 DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
 JH/34 Re-introduce enforcement of no cutthrough delivery on transports having
       transport-filters or DKIM-signing.  The restriction was lost in the
       consolidation of verify-callout and delivery SMTP handling.
+      Extend the restriction to also cover ARC-signing.
 
 
 Exim version 4.90
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 0828e9b67..4e8e59148 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -819,6 +819,10 @@ Caveats:
    should try to stick to one ADMD, so pick a primary domain and use that for
    AR headers and outbound signing.
 
+Signing is not compatible with cutthrough delivery; any (before expansion)
+value set for the option will result in cutthrough delivery not being
+used via the transport in question.
+
 
 
 --------------------------------------------------------------
diff --git a/src/src/verify.c b/src/src/verify.c
index 1df856604..1555838ac 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1033,10 +1033,10 @@ no_conn:
         cutthrough.delivery= FALSE;
         HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
         }
-      if (ob->dkim.dkim_domain)
+      if (ob->dkim.dkim_domain || ob->arc_sign)
         {
         cutthrough.delivery= FALSE;
-        HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n");
+        HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM or ARC signing\n");
         }
       }