diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/aux-fixed/4560.mlistfooter | 4 | ||||
| -rw-r--r-- | test/confs/4560 | 84 | ||||
| -rw-r--r-- | test/log/4501 | 2 | ||||
| -rw-r--r-- | test/log/4502 | 2 | ||||
| -rw-r--r-- | test/log/4503 | 5 | ||||
| -rw-r--r-- | test/log/4504 | 5 | ||||
| -rw-r--r-- | test/log/4506 | 12 | ||||
| -rw-r--r-- | test/log/4560 | 102 | ||||
| -rw-r--r-- | test/mail/4560.a | 453 | ||||
| -rwxr-xr-x | test/runtest | 3 | ||||
| -rw-r--r-- | test/scripts/4560-ARC/4560 | 359 | ||||
| -rw-r--r-- | test/scripts/4560-ARC/REQUIRES | 1 | ||||
| -rw-r--r-- | test/stderr/4520 | 1 |
13 files changed, 1019 insertions, 14 deletions
diff --git a/test/aux-fixed/4560.mlistfooter b/test/aux-fixed/4560.mlistfooter new file mode 100644 index 000000000..aa1ec54c8 --- /dev/null +++ b/test/aux-fixed/4560.mlistfooter @@ -0,0 +1,4 @@ + +----- +This is a generic mailinglist footer +---- diff --git a/test/confs/4560 b/test/confs/4560 new file mode 100644 index 000000000..1012a3897 --- /dev/null +++ b/test/confs/4560 @@ -0,0 +1,84 @@ +# Exim test configuration 4560 + +SERVER= + +.include DIR/aux-var/std_conf_prefix + +primary_hostname = test.ex + +# ----- Main settings ----- + +acl_smtp_rcpt = accept +acl_smtp_data = check_data + +log_selector = +received_recipients +dkim_verbose +queue_only + +# ----- ACL ----- +begin acl + +check_data: + warn !verify = arc +.ifdef OPTION + accept +.else + accept add_header = :at_start:${authresults {$primary_hostname}} +.endif + +# ----- Routers ----- + +begin routers + +d1: + driver = accept + local_parts = ^a + transport = tfile + +r2: + driver = redirect + local_parts = ^m + data = ${substr_1:$local_part}@$domain + redirect_router = mlist + +redir: + driver = redirect + data = ${substr_1:$local_part}@$domain + redirect_router = fwd + +fwd: + driver = accept + transport = tsmtp + +mlist: + driver = accept + transport = tmlist + +# ----- Transports ----- + +begin transports + +tfile: + driver = appendfile + file = DIR/test-mail/$local_part + user = CALLER + +tsmtp: + driver = smtp + hosts = HOSTIPV4 + port = PORT_D + allow_localhost +.ifndef OPTION + arc_sign = $primary_hostname : sel : DIR/aux-fixed/dkim/dkim.private +.endif + +tmlist: + driver = smtp + hosts = HOSTIPV4 + port = PORT_D + allow_localhost + transport_filter = /bin/cat - DIR/aux-fixed/TESTNUM.mlistfooter +.ifndef OPTION + arc_sign = $primary_hostname : sel : DIR/aux-fixed/dkim/dkim.private +.endif + +# End diff --git a/test/log/4501 b/test/log/4501 index b4f8d3a74..04edb3284 100644 --- a/test/log/4501 +++ b/test/log/4501 @@ -7,5 +7,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= pass@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] -1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit) header.d=test.ex header.s=sel header.a=rsa-sha1 +1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaY-0005vi-00 <= fail@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4502 b/test/log/4502 index b5dcd81c8..50d38e012 100644 --- a/test/log/4502 +++ b/test/log/4502 @@ -16,5 +16,5 @@ 1999-03-02 09:44:33 10HmbA-0005vi-00 PDKIM: d=test.ex s=sel_bad [failed key import] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha1 b=1024 [invalid - syntax error in public key record] -1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (syntax error in public key record) header.d=test.ex header.s=sel_bad header.a=rsa-sha1 +1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (syntax error in public key record)\n header.d=test.ex header.s=sel_bad header.a=rsa-sha1 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=564CFC9B.1040905@yahoo.com diff --git a/test/log/4503 b/test/log/4503 index 3a502a1fe..c91c79650 100644 --- a/test/log/4503 +++ b/test/log/4503 @@ -1,8 +1,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: validation error: Public key signature verification has failed. 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha512 b=1024 [verification failed - signature did not verify (headers probably modified in transit)] -1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (signature did not verify; headers probably modified in transit) header.d=test.ex header.s=sel header.a=rsa-sha512 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha512 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit)\n header.d=test.ex header.s=sel header.a=rsa-sha512 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4504 b/test/log/4504 index 43389c8a2..5af68d0dd 100644 --- a/test/log/4504 +++ b/test/log/4504 @@ -1,8 +1,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: validation error: Public key signature verification has failed. 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel2 c=simple/simple a=rsa-sha512 b=1024 [verification failed - signature did not verify (headers probably modified in transit)] -1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (signature did not verify; headers probably modified in transit) header.d=test.ex header.s=sel2 header.a=rsa-sha512 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel2 c=simple/simple a=rsa-sha512 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit)\n header.d=test.ex header.s=sel2 header.a=rsa-sha512 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4506 b/test/log/4506 index 55bad6163..4e57f3e84 100644 --- a/test/log/4506 +++ b/test/log/4506 @@ -3,15 +3,15 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] -1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid) header.d=test.ex header.s=sel header.a=rsa-sha1 +1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [invalid - signature tag missing or invalid] -1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid) header.d=test.ex header.s=sel header.a=rsa-sha1 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] -1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit) header.d=test.ex header.s=sel header.a=rsa-sha1 +1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: validation error: LONG_LINE 1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: Error during validation, disabling signature verification: LONG_LINE @@ -19,13 +19,13 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 512 1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=ses_sha256 c=simple/simple a=rsa-sha1 b=512 [verification failed - unspecified reason] -1999-03-02 09:44:33 10HmbC-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (unspecified reason) header.d=test.ex header.s=ses_sha256 header.a=rsa-sha1 +1999-03-02 09:44:33 10HmbC-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (unspecified reason)\n header.d=test.ex header.s=ses_sha256 header.a=rsa-sha1 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmbD-0005vi-00 unknown 1999-03-02 09:44:33 10HmbD-0005vi-00 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmbD-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] -1999-03-02 09:44:33 10HmbD-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid) header.d=test.ex header.s=sel header.a=rsa-sha1 +1999-03-02 09:44:33 10HmbD-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 0 diff --git a/test/log/4560 b/test/log/4560 new file mode 100644 index 000000000..101afb73b --- /dev/null +++ b/test/log/4560 @@ -0,0 +1,102 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for za@test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for a@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmaY-0005vi-00 => a <a@test.ex> R=d1 T=tfile +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for zza@test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for za@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 => za@test.ex <zza@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for a@test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbB-0005vi-00 => a <a@test.ex> R=d1 T=tfile +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for zmza@test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for mza@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => mza@test.ex <zmza@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbD-0005vi-00" +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for za@test.ex +1999-03-02 09:44:33 10HmbD-0005vi-00 => za@test.ex <mza@test.ex> R=mlist T=tmlist H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for a@test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbF-0005vi-00" +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbF-0005vi-00 => a <a@test.ex> R=d1 T=tfile +1999-03-02 09:44:33 10HmbF-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for zzmza@test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for zmza@test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 => zmza@test.ex <zzmza@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbH-0005vi-00" +1999-03-02 09:44:33 10HmbG-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for mza@test.ex +1999-03-02 09:44:33 10HmbH-0005vi-00 => mza@test.ex <zmza@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbI-0005vi-00" +1999-03-02 09:44:33 10HmbH-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss for za@test.ex +1999-03-02 09:44:33 10HmbI-0005vi-00 => za@test.ex <mza@test.ex> R=mlist T=tmlist H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbJ-0005vi-00" +1999-03-02 09:44:33 10HmbI-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss for a@test.ex +1999-03-02 09:44:33 10HmbJ-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbK-0005vi-00" +1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbK-0005vi-00 => a <a@test.ex> R=d1 T=tfile +1999-03-02 09:44:33 10HmbK-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for zza@test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for za@test.ex +1999-03-02 09:44:33 10HmbL-0005vi-00 => za@test.ex <zza@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbM-0005vi-00" +1999-03-02 09:44:33 10HmbL-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss ARC for a@test.ex +1999-03-02 09:44:33 10HmbM-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbN-0005vi-00" +1999-03-02 09:44:33 10HmbM-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbN-0005vi-00 => a <a@test.ex> R=d1 T=tfile +1999-03-02 09:44:33 10HmbN-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmbO-0005vi-00 DKIM: d=dmarc.org s=clochette c=simple/simple a=rsa-sha256 b=1024 t=1517535263 [verification succeeded] +1999-03-02 09:44:33 10HmbO-0005vi-00 DKIM: d=convivian.com s=default c=simple/simple a=rsa-sha256 b=1024 t=1517535248 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=dmarc.org id=1426665656.110316.1517535248039.JavaMail.zimbra@convivian.com for za@test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbP-0005vi-00 DKIM: d=dmarc.org s=clochette c=simple/simple a=rsa-sha256 b=1024 t=1517535263 [verification succeeded] +1999-03-02 09:44:33 10HmbP-0005vi-00 DKIM: d=convivian.com s=default c=simple/simple a=rsa-sha256 b=1024 t=1517535248 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@bloggs.com H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=dmarc.org id=1426665656.110316.1517535248039.JavaMail.zimbra@convivian.com for a@test.ex +1999-03-02 09:44:33 10HmbO-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbP-0005vi-00" +1999-03-02 09:44:33 10HmbO-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbP-0005vi-00 => a <a@test.ex> R=d1 T=tfile +1999-03-02 09:44:33 10HmbP-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp diff --git a/test/mail/4560.a b/test/mail/4560.a new file mode 100644 index 000000000..c0432b93a --- /dev/null +++ b/test/mail/4560.a @@ -0,0 +1,453 @@ +From CALLER@bloggs.com Tue Mar 02 09:44:33 1999 +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmaY-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=1; cv=none; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=XLcAAITo9Vf1e7bfAAZQGHFU1YySleXuf5+r2KI9kYNg8hmFsv6p91L679/gYfo7XGzo6pl9Xh + +CXJIttJnXkgGx+zRg4hRoAqr3VNqDYA/IDvvglQCdBVu2/4JS1cPCznuW6RdTLR6b7kMx11Cu + jd3NsmP38X0Zo8mRETF+TLU=; +ARC-Authentication-Results: i=1; test.ex; + arc=none +ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=HUzfKKxIjPIa07lkj5uzDQ3q5YTRF/NwAUE7dhrrfvs=; + h=Subject; + b=CbJ1YQLNAWyRqMXq9y0WN10HlKn8Ylu+sVGztkUklgxaqQJCVKUiS7dZaKCBA0B7UqesGogzb5 + y1aeJRCnWnUSL1gKXCjalHTp9XuWxGjd5cARh0AN/nmkXOFkgcIan7o4vB3UBF/T3NwLdewza+ + caLY3oRoBpLwh0IBzibHKl0=; +Authentication-Results: test.ex; + arc=none +Received: from [127.0.0.1] (helo=xxx) + by test.ex with smtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmaX-0005vi-00 + for za@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Subject: Test + +This is a test body. + +From CALLER@bloggs.com Tue Mar 02 09:44:33 1999 +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=2) header.s=sel arc.oldest-pass=2 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbB-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=2; cv=pass; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=QPT4AYm4FOMArfxOkzKDV/wEYbVVD4rZ7BKz7wzbMmLj/oyuObMvZ/zff/uFoegX6Xl0W7Ogs4 + Oid4SiYGn8WmoUqxEuEGPo6/rnp93bPkjL6EVZcuqs8gK9JN+DC1/ubihCCj5zQkPcJEiq3fpV + t59JpYefg0lWAxMXRe7XkSQ=; +ARC-Authentication-Results: i=2; test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=HUzfKKxIjPIa07lkj5uzDQ3q5YTRF/NwAUE7dhrrfvs=; + h=Subject; + b=T2xYov0qVT77eX6s3g2M3CB4ulYuxbD0o+iTCpfB/40nZTzl5LdIVEyk2ph/ijyqY2PJTpBjjt + iTHoJ4CBtVAkDwq75Wj+lh1OfrArWJatMyimkMwxX6b54KcXldIwB+7w6Tn3D9/sydBEduL82C + p1kh+Bb/X0QGczb0CzdXwhM=; +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbA-0005vi-00 + for za@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=1; cv=none; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=XLcAAITo9Vf1e7bfAAZQGHFU1YySleXuf5+r2KI9kYNg8hmFsv6p91L679/gYfo7XGzo6pl9Xh + +CXJIttJnXkgGx+zRg4hRoAqr3VNqDYA/IDvvglQCdBVu2/4JS1cPCznuW6RdTLR6b7kMx11Cu + jd3NsmP38X0Zo8mRETF+TLU=; +ARC-Authentication-Results: i=1; test.ex; + arc=none +ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=HUzfKKxIjPIa07lkj5uzDQ3q5YTRF/NwAUE7dhrrfvs=; + h=Subject; + b=CbJ1YQLNAWyRqMXq9y0WN10HlKn8Ylu+sVGztkUklgxaqQJCVKUiS7dZaKCBA0B7UqesGogzb5 + y1aeJRCnWnUSL1gKXCjalHTp9XuWxGjd5cARh0AN/nmkXOFkgcIan7o4vB3UBF/T3NwLdewza+ + caLY3oRoBpLwh0IBzibHKl0=; +Authentication-Results: test.ex; + arc=none +Received: from [127.0.0.1] (helo=xxx) + by test.ex with smtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmaZ-0005vi-00 + for zza@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Subject: Test + +This is a test body. + +From CALLER@bloggs.com Tue Mar 02 09:44:33 1999 +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=3) header.s=sel arc.oldest-pass=0 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbF-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=3; cv=pass; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=UZiwwzRnbDfp1Qy85n7I53xtu0tXHmyGcuzuv/QL/pXNNNGPGxS4x+qLliXV3yMyUzPYEYjOkB + zlbFTeha0LdIY6GksuprRSrVRqtoePCgl/9XLyrAtqXe4atZWYr8tpLfbdLGhS0SXAkNHgY/I0 + tIhVDsdGN6Z0tMMWxwljKro=; +ARC-Authentication-Results: i=3; test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=2) header.s=sel arc.oldest-pass=0 smtp.client-ip=ip4.ip4.ip4.ip4 +ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=31zA4VNQZ2yhHUh+7vWASIL9kKqo6pSym1QghgPyUkM=; + h=Subject; + b=Lf2jJs8SwbiYLrylYAOjQO4iIa+7tnGighj2gE5NWZj+SiJNQFgu+gHgkmA4xZc2meG58S7WPf + nG6rkqTU/uqBRAbWaEHP1VYDss/x47a/GImRx89dR1P7ZTRLMGgk0AusbvtFDMsKvOTd8QeWLc + DsScgtJ2MqYbikFuA0LxRIA=; +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=2) header.s=sel arc.oldest-pass=0 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbE-0005vi-00 + for za@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=2; cv=pass; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=Ve0H0ri4edD3OUKRxMSyMWdVBiikGZwpYN/6lq6fxiFkgxV7atTuDfPJJ77xbuC/vmvLOWSa6x + JcN+stcJn6QcPNjmzoNbK5BLIWwFfLKW02Ao+qqm1DGqWnI6XD3r/oKleEvUc2XdatoYHXCbp7 + qQO7e9u/Pzs+6u6dNA+KoJA=; +ARC-Authentication-Results: i=2; test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=31zA4VNQZ2yhHUh+7vWASIL9kKqo6pSym1QghgPyUkM=; + h=Subject; + b=v3N5ukPvIJskEefYQVq9la9YvMbtrEETkzRVbExhcuf52gWH6PY6L8MWQr2BN4VZbWHPIfZN3S + GMQ21ewl0ZaHC4bAzidgK7NsViw8cfKnJwkvSm4FejpBDto93vQ0Jn2dntbjGZeDSaFx8AuV0m + oZRTJp3w8FnuMJ8Pl0bDLDM=; +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbD-0005vi-00 + for mza@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=1; cv=none; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=XLcAAITo9Vf1e7bfAAZQGHFU1YySleXuf5+r2KI9kYNg8hmFsv6p91L679/gYfo7XGzo6pl9Xh + +CXJIttJnXkgGx+zRg4hRoAqr3VNqDYA/IDvvglQCdBVu2/4JS1cPCznuW6RdTLR6b7kMx11Cu + jd3NsmP38X0Zo8mRETF+TLU=; +ARC-Authentication-Results: i=1; test.ex; + arc=none +ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=HUzfKKxIjPIa07lkj5uzDQ3q5YTRF/NwAUE7dhrrfvs=; + h=Subject; + b=CbJ1YQLNAWyRqMXq9y0WN10HlKn8Ylu+sVGztkUklgxaqQJCVKUiS7dZaKCBA0B7UqesGogzb5 + y1aeJRCnWnUSL1gKXCjalHTp9XuWxGjd5cARh0AN/nmkXOFkgcIan7o4vB3UBF/T3NwLdewza+ + caLY3oRoBpLwh0IBzibHKl0=; +Authentication-Results: test.ex; + arc=none +Received: from [127.0.0.1] (helo=xxx) + by test.ex with smtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbC-0005vi-00 + for zmza@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Subject: Test + +This is a test body. + +----- +This is a generic mailinglist footer +---- + +From CALLER@bloggs.com Tue Mar 02 09:44:33 1999 +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=fail (i=3) header.s=sel arc.oldest-pass=0 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbK-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=3; cv=fail; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=Q7C2hXJPIS8zzONoXTI8rWioQs8SqYOBTXYLipH7fshFD+j83qqBfxoTQUzZmSjLq1ZDmIyJD/ + Ni8eBtkRv3wnbcnp1nxuv3ATnUfFgjd4DjmKtBqIKK0r3yvOXooeK7uEbvJHapXg7uHFSLq62X + c7RWT/QCRAUexkZERkhQP6s=; +ARC-Authentication-Results: i=3; test.ex; + iprev=pass (the.local.host.name); + arc=fail (i=2) header.s=sel arc.oldest-pass=0 smtp.client-ip=ip4.ip4.ip4.ip4 +ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=31zA4VNQZ2yhHUh+7vWASIL9kKqo6pSym1QghgPyUkM=; + h=Subject; + b=Lf2jJs8SwbiYLrylYAOjQO4iIa+7tnGighj2gE5NWZj+SiJNQFgu+gHgkmA4xZc2meG58S7WPf + nG6rkqTU/uqBRAbWaEHP1VYDss/x47a/GImRx89dR1P7ZTRLMGgk0AusbvtFDMsKvOTd8QeWLc + DsScgtJ2MqYbikFuA0LxRIA=; +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=fail (i=2) header.s=sel arc.oldest-pass=0 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbJ-0005vi-00 + for za@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=2) header.s=sel arc.oldest-pass=2 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbI-0005vi-00 + for mza@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=2; cv=pass; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=QPT4AYm4FOMArfxOkzKDV/wEYbVVD4rZ7BKz7wzbMmLj/oyuObMvZ/zff/uFoegX6Xl0W7Ogs4 + Oid4SiYGn8WmoUqxEuEGPo6/rnp93bPkjL6EVZcuqs8gK9JN+DC1/ubihCCj5zQkPcJEiq3fpV + t59JpYefg0lWAxMXRe7XkSQ=; +ARC-Authentication-Results: i=2; test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=HUzfKKxIjPIa07lkj5uzDQ3q5YTRF/NwAUE7dhrrfvs=; + h=Subject; + b=T2xYov0qVT77eX6s3g2M3CB4ulYuxbD0o+iTCpfB/40nZTzl5LdIVEyk2ph/ijyqY2PJTpBjjt + iTHoJ4CBtVAkDwq75Wj+lh1OfrArWJatMyimkMwxX6b54KcXldIwB+7w6Tn3D9/sydBEduL82C + p1kh+Bb/X0QGczb0CzdXwhM=; +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbH-0005vi-00 + for zmza@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=1; cv=none; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=XLcAAITo9Vf1e7bfAAZQGHFU1YySleXuf5+r2KI9kYNg8hmFsv6p91L679/gYfo7XGzo6pl9Xh + +CXJIttJnXkgGx+zRg4hRoAqr3VNqDYA/IDvvglQCdBVu2/4JS1cPCznuW6RdTLR6b7kMx11Cu + jd3NsmP38X0Zo8mRETF+TLU=; +ARC-Authentication-Results: i=1; test.ex; + arc=none +ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=HUzfKKxIjPIa07lkj5uzDQ3q5YTRF/NwAUE7dhrrfvs=; + h=Subject; + b=CbJ1YQLNAWyRqMXq9y0WN10HlKn8Ylu+sVGztkUklgxaqQJCVKUiS7dZaKCBA0B7UqesGogzb5 + y1aeJRCnWnUSL1gKXCjalHTp9XuWxGjd5cARh0AN/nmkXOFkgcIan7o4vB3UBF/T3NwLdewza+ + caLY3oRoBpLwh0IBzibHKl0=; +Authentication-Results: test.ex; + arc=none +Received: from [127.0.0.1] (helo=xxx) + by test.ex with smtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbG-0005vi-00 + for zzmza@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Subject: Test + +This is a test body. + +----- +This is a generic mailinglist footer +---- + +From CALLER@bloggs.com Tue Mar 02 09:44:33 1999 +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbN-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + arc=pass (i=1) header.s=sel arc.oldest-pass=1 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbM-0005vi-00 + for za@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=1; cv=none; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=XLcAAITo9Vf1e7bfAAZQGHFU1YySleXuf5+r2KI9kYNg8hmFsv6p91L679/gYfo7XGzo6pl9Xh + +CXJIttJnXkgGx+zRg4hRoAqr3VNqDYA/IDvvglQCdBVu2/4JS1cPCznuW6RdTLR6b7kMx11Cu + jd3NsmP38X0Zo8mRETF+TLU=; +ARC-Authentication-Results: i=1; test.ex; + arc=none +ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=HUzfKKxIjPIa07lkj5uzDQ3q5YTRF/NwAUE7dhrrfvs=; + h=Subject; + b=CbJ1YQLNAWyRqMXq9y0WN10HlKn8Ylu+sVGztkUklgxaqQJCVKUiS7dZaKCBA0B7UqesGogzb5 + y1aeJRCnWnUSL1gKXCjalHTp9XuWxGjd5cARh0AN/nmkXOFkgcIan7o4vB3UBF/T3NwLdewza+ + caLY3oRoBpLwh0IBzibHKl0=; +Authentication-Results: test.ex; + arc=none +Received: from [127.0.0.1] (helo=xxx) + by test.ex with smtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbL-0005vi-00 + for zza@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Subject: Test + +This is a test body. + +From CALLER@bloggs.com Tue Mar 02 09:44:33 1999 +Authentication-Results: test.ex; + iprev=pass (the.local.host.name); + dkim=pass header.d=dmarc.org header.s=clochette header.a=rsa-sha256; + dkim=fail (body hash mismatch; body probably modified in transit) + header.d=convivian.com header.s=default header.a=rsa-sha256; + arc=fail (i=2) header.s=sel arc.oldest-pass=0 smtp.client-ip=ip4.ip4.ip4.ip4 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=test.ex) + by test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbP-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +ARC-Seal: i=2; cv=fail; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + b=kyA9Jr7oTw0RjbIMJuRSDVS34QV/o7rR2vk8j9OoOrJCc4SGYoFdnwOPuZ0xnJ7PC6VBYqFuaF + 0roSJ1UkJk7NJLjfw4UXF1gF01z+EBahwpYpLE1K7+wuejYBiu83ksxeNbMaejGCZGXRgTrx4N + r8h8iR9p7dSbp6/B7CxxoSg=; +ARC-Authentication-Results: i=2; test.ex; + dkim=pass header.d=dmarc.org header.s=clochette header.a=rsa-sha256; + dkim=fail (body hash mismatch; body probably modified in transit) + header.d=convivian.com header.s=default header.a=rsa-sha256; + arc=fail (i=1) header.s=default arc.oldest-pass=0 smtp.client-ip=127.0.0.1 +ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed; d=test.ex; s=sel; + bh=DXU/xKzzQYeoYB254nZ0AzNm7z2YZ//FpTnhgIjPyt8=; + h=Sender:Content-Type:Reply-To:From:List-Subscribe:List-Help:List-Post: + List-Archive:List-Unsubscribe:List-Id:Subject:Cc:MIME-Version:References: + In-Reply-To:Message-ID:To:Date:DKIM-Signature:DKIM-Signature; + b=ZDh/1Pns8xp2aOFUIDqAIU8rNK+Wx+xBtsUqn+P8an0dPJIja0AexTNoPagabvXjNzT86Uf6dm + 6gO1oFpzn63XNNaRJSrUDOMLe3pe5D8IS/0AFlqU9iwyDjmZqsnc8VnxXMgkDvEhrF5e1Mj9E+ + Rw80B9DQMRhl1Va7HMZsLlI=; +Authentication-Results: test.ex; + dkim=pass header.d=dmarc.org header.s=clochette header.a=rsa-sha256; + dkim=fail (body hash mismatch; body probably modified in transit) + header.d=convivian.com header.s=default header.a=rsa-sha256; + arc=fail (i=1) header.s=default arc.oldest-pass=0 smtp.client-ip=127.0.0.1 +Received: from [127.0.0.1] (helo=xxx) + by test.ex with smtp (Exim x.yz) + (envelope-from <CALLER@bloggs.com>) + id 10HmbO-0005vi-00 + for za@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Received: from dragon.trusteddomain.org (localhost [127.0.0.1]) + by dragon.trusteddomain.org (8.14.5/8.14.5) with ESMTP id w121YG2q036577; + Tue, 2 Mar 1999 09:44:33 +0000 (PST) + (envelope-from arc-discuss-bounces@dmarc.org) +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dmarc.org; + s=clochette; t=1517535263; + bh=DXU/xKzzQYeoYB254nZ0AzNm7z2YZ//FpTnhgIjPyt8=; + h=Date:To:In-Reply-To:References:Cc:Subject:List-Id: + List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: + From:Reply-To; + b=Z66qes0GxyXtv0ow232KSy/b44fPNLZL8JOXHiJLi9dHzIPyxsQd/Zb5NP8i3427g + a9tEyo8Rpz8DPbn351e+IlYqRGLfokTWgX+7NfMLy87p3SfnPytUu6PM8QiW2VC889 + Tk0K+5xH5KSgkENaPdLBigHtunyNZaSofgKy5vBM= +Authentication-Results: dragon.trusteddomain.org; sender-id=fail (NotPermitted) header.sender=arc-discuss-bounces@dmarc.org; spf=fail (NotPermitted) smtp.mfrom=arc-discuss-bounces@dmarc.org +Received: from mailhub.convivian.com (mailhub.convivian.com [72.5.31.108]) + by dragon.trusteddomain.org (8.14.5/8.14.5) with ESMTP id w121YEt6036571 + for <arc-discuss@dmarc.org>; Tue, 2 Mar 1999 09:44:33 +0000 (PST) + (envelope-from jered@convivian.com) +Authentication-Results: dragon.trusteddomain.org; dkim=pass + reason="1024-bit key" + header.d=convivian.com header.i=@convivian.com header.b=LHXEAl5e; + dkim-adsp=pass +Authentication-Results: dragon.trusteddomain.org; + sender-id=pass header.from=jered@convivian.com; + spf=pass smtp.mfrom=jered@convivian.com +Received: from zimbra8.internal.convivian.com (zimbra8.internal.convivian.com + [172.16.0.5]) + by mailhub.convivian.com (Postfix) with ESMTP id 471DA66FB6; + Thu, 1 Feb 2018 20:34:08 -0500 (EST) +ARC-Seal: i=1; a=rsa-sha256; d=convivian.com; s=default; t=1517535248; cv=none; + b=HkK4AhtPFBUHtRUKKzTON3wyMj7ZLq881P2qhWg+lO8Y50V9SEc8lJ4dBIM3cj3ftfAbooPSLHAVejA89bpS1eAvODci6pOPaQWkBZmpdu+yPIxqX3FyOaCdIaZFbXaMQ1Jg5Sraf5mkCESmfjR5bCguAaZsnPQDF6wSN8VhbQk= +ARC-Message-Signature: i=1; a=rsa-sha256; d=convivian.com; s=default; + t=1517535248; c=relaxed/simple; + bh=9Cp8KoxNPc7FEuC29xB5bNWWadzdEFhXrX/8i+vd3g4=; + h=DKIM-Signature:Date:From:To:Cc:Message-ID:In-Reply-To:References: + Subject:MIME-Version:Content-Type:X-Originating-IP:X-Mailer: + Thread-Topic:Thread-Index:From; + b=jG+KnBrP2oq1z1upStMoWbM1fkS5zbUiir221Gy6h7ao5oy7Qc3m0pXgrSdhgGD4oX/kk2seEt2WAlPNwEsZyvYeG/80ctd/2+hwaVQ6JSOU83Rdd8im8HwMvXzXZIz8ATjPpOv21+xMrqlPSkD/l6X4VP+AAoVVkhW7f4GWcws= +ARC-Authentication-Results: i=1; mailhub.convivian.com; none +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=convivian.com; + s=default; t=1517535248; + bh=9Cp8KoxNPc7FEuC29xB5bNWWadzdEFhXrX/8i+vd3g4=; + h=Date:From:To:Cc:In-Reply-To:References:Subject:From; + b=LHXEAl5elmfkdXNdK24QonXpkiG38neuJoS7fSQXwZVZkR+cdYNr6eBxx3DF4reJO + NgzV5GFyPX6+LdIqR6rnC8BXhjvJq+pxLW3/wKx39W3ANYWRFm1dgyWBz99NxNNvk/ + ruQkYYBBk9GPM52EyHNMvHciRAyaSk+VluGj6c6M= +Date: Tue, 2 Mar 1999 09:44:33 +0000 (EST) +To: Brandon Long <blong@google.com> +Message-ID: <1426665656.110316.1517535248039.JavaMail.zimbra@convivian.com> +In-Reply-To: <CABa8R6s3e1k=c9wQBtNBWvPT4BrXv3-2NnynyAfRseZ-5s6NKg@mail.gmail.com> +References: <CO2PR0501MB981081FA2C73CB83FA1C903F1FA0@CO2PR0501MB981.namprd05.prod.outlook.com> + <CAAQnKjAV3zEfP-J6JgTrv1jU9UPmf9dG9SPr-+q4jZ6PaGQjxg@mail.gmail.com> + <CAAQnKjBBLS9Lm2vnT3i+WUNhrvv2oDEMFEcyozw+YzyKS4G1qQ@mail.gmail.com> + <29030059.107105.1517497494557.JavaMail.zimbra@convivian.com> + <4f60039a-a754-ae4c-1543-0a978d9e13be@rolandturner.com> + <1544831589.110194.1517532064123.JavaMail.zimbra@convivian.com> + <CABa8R6s3e1k=c9wQBtNBWvPT4BrXv3-2NnynyAfRseZ-5s6NKg@mail.gmail.com> +MIME-Version: 1.0 +X-Originating-IP: [172.16.0.5] +X-Mailer: Zimbra 8.7.11_GA_1854 (ZimbraWebClient - FF58 (Mac)/8.7.11_GA_1854) +Thread-Topic: Gmail support of ARC headers from third-parties +Thread-Index: JantLkX01vLd7pyKcopbBWCs3yDbLQ== +Cc: arc-discuss <arc-discuss@dmarc.org> +Subject: Re: [arc-discuss] Gmail support of ARC headers from third-parties +X-BeenThere: arc-discuss@dmarc.org +X-Mailman-Version: 2.1.18 +Precedence: list +List-Id: Discussion of the ARC protocol <arc-discuss.dmarc.org> +List-Unsubscribe: <http://lists.dmarc.org/mailman/options/arc-discuss>, + <mailto:arc-discuss-request@dmarc.org?subject=unsubscribe> +List-Archive: <http://lists.dmarc.org/pipermail/arc-discuss/> +List-Post: <mailto:arc-discuss@dmarc.org> +List-Help: <mailto:arc-discuss-request@dmarc.org?subject=help> +List-Subscribe: <http://lists.dmarc.org/mailman/listinfo/arc-discuss>, + <mailto:arc-discuss-request@dmarc.org?subject=subscribe> +From: Jered Floyd via arc-discuss <arc-discuss@dmarc.org> +Reply-To: Jered Floyd <jered@convivian.com> +Content-Type: multipart/mixed; boundary="===============2728806607597782871==" +Errors-To: arc-discuss-bounces@dmarc.org +Sender: "arc-discuss" <arc-discuss-bounces@dmarc.org> + +--===============2728806607597782871== +Content-Type: multipart/alternative; + boundary="=_bda8d35f-e3be-4e59-9fc8-f78ed0af3226" + +--=_bda8d35f-e3be-4e59-9fc8-f78ed0af3226 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: 7bit + +>> Couldn't the first untrusted ARC signer (working in reverse chronological order) +>> simply have faked all the earlier headers and applied a "valid" ARC +>> signature/seal? This is why I figured you must trust the entire chain if you +>> want to trust the sender data. + +> They can't fake an earlier signature unless they have the private key for the +> signing domain. + +> Ie, a non-modifying hop is basically a no-op, unless you want to trust their +> auth results. + +OK, sure; I agree with that. But I guess I see ARC as primarily for indirect mail flows that break DKIM (i.e. Mailman), in which case I think trust is needed to bridge those hops? + +--Jered + +--=_bda8d35f-e3be-4e59-9fc8-f78ed0af3226 +Content-Type: text/html; charset=utf-8 +Content-Transfer-Encoding: 7bit + +<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><br></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +Couldn't the first untrusted ARC signer (working in reverse chronological order) simply have faked all the earlier headers and applied a "valid" ARC signature/seal? This is why I figured you must trust the entire chain if you want to trust the sender data.<br></blockquote><br><div>They can't fake an earlier signature unless they have the private key for the signing domain.</div><br><div>Ie, a non-modifying hop is basically a no-op, unless you want to trust their auth results.</div></div></div></blockquote><div>OK, sure; I agree with that. But I guess I see ARC as primarily for indirect mail flows that break DKIM (i.e. Mailman), in which case I think trust is needed to bridge those hops?<br></div><div><br data-mce-bogus="1"></div><div>--Jered<br data-mce-bogus="1"></div></div></div></body></html> +--=_bda8d35f-e3be-4e59-9fc8-f78ed0af3226-- + +--===============2728806607597782871== +Content-Type: text/plain; charset="us-ascii" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +_______________________________________________ +arc-discuss mailing list +arc-discuss@dmarc.org +http://lists.dmarc.org/mailman/listinfo/arc-discuss + +--===============2728806607597782871==-- + diff --git a/test/runtest b/test/runtest index 06597fe04..8925731d2 100755 --- a/test/runtest +++ b/test/runtest @@ -926,6 +926,9 @@ RESET_AFTER_EXTRA_LINE_READ: # Postgres server takes varible time to shut down; lives in various places s/^waiting for server to shut down\.+ done$/waiting for server to shut down.... done/; s/^\/.*postgres /POSTGRES /; + + # ARC is not always supported by the build + next if /^arc_sign =/; } # ======== stderr ======== diff --git a/test/scripts/4560-ARC/4560 b/test/scripts/4560-ARC/4560 new file mode 100644 index 000000000..2d23674c7 --- /dev/null +++ b/test/scripts/4560-ARC/4560 @@ -0,0 +1,359 @@ +# ARC verify and sign +# +exim -DSERVER=server -bd -oX PORT_D +**** +# +# We send this one through one forwarding hop. +# It starts off bare, so the forwarder reception gets an ARC status of "none". +# The outbound signs it with that, and the final receiver is happy to pass it. +# +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<za@test.ex> +??? 250 +DATA +??? 354 +Subject: Test + +This is a test body. +. +??? 250 +QUIT +??? 221 +**** +# +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +# +# +# +# +# +# +# +# +# +# We send this one through two forwarding hops. +# It starts off bare, so the 1st forwarder reception gets an ARC status of "none". +# The outbound signs it with that, and the 2nd forwarder is happy to pass it. +# The outbound signs again, and the final receiver is happy. +# +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<zza@test.ex> +??? 250 +DATA +??? 354 +Subject: Test + +This is a test body. +. +??? 250 +QUIT +??? 221 +**** +# +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +# +# +# +# +# +# +# +# +# +# We send this one through one forwarder, one mailinglist, and one more forwarder +# +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<zmza@test.ex> +??? 250 +DATA +??? 354 +Subject: Test + +This is a test body. +. +??? 250 +QUIT +??? 221 +**** +# +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +# +# +# +# +# +# +# +# +# +# We send this one through two forwarders, then one ARC-unaware mailinglist +# then one more forwarder +# +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<zzmza@test.ex> +??? 250 +DATA +??? 354 +Subject: Test + +This is a test body. +. +??? 250 +QUIT +??? 221 +**** +# +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -DOPTION -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +# +# +# +# +# +# +# +# +# +# We send this one through a forwarders, then an ARC-unaware forwarder +# +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<zza@test.ex> +??? 250 +DATA +??? 354 +Subject: Test + +This is a test body. +. +??? 250 +QUIT +??? 221 +**** +# +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -DOPTION -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +# +# +# +# +# +# +# +# +# +# We send this one through one forwarding hop. +# It starts with one ARC-set. +# The reception at the forwarder gets an ARC-fail, because the bodyhash does not +# match - so the forwarder outbound ARC-signs as a fail, +# and the final receiver evaluates ARC status as fail. +# Mail original in https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-11#page-14 +# +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<za@test.ex> +??? 250 +DATA +??? 354 +Received: from dragon.trusteddomain.org (localhost [127.0.0.1]) + by dragon.trusteddomain.org (8.14.5/8.14.5) with ESMTP id w121YG2q036577; + Thu, 1 Feb 2018 17:34:20 -0800 (PST) + (envelope-from arc-discuss-bounces@dmarc.org) +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dmarc.org; + s=clochette; t=1517535263; + bh=DXU/xKzzQYeoYB254nZ0AzNm7z2YZ//FpTnhgIjPyt8=; + h=Date:To:In-Reply-To:References:Cc:Subject:List-Id: + List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: + From:Reply-To; + b=Z66qes0GxyXtv0ow232KSy/b44fPNLZL8JOXHiJLi9dHzIPyxsQd/Zb5NP8i3427g + a9tEyo8Rpz8DPbn351e+IlYqRGLfokTWgX+7NfMLy87p3SfnPytUu6PM8QiW2VC889 + Tk0K+5xH5KSgkENaPdLBigHtunyNZaSofgKy5vBM= +Authentication-Results: dragon.trusteddomain.org; sender-id=fail (NotPermitted) header.sender=arc-discuss-bounces@dmarc.org; spf=fail (NotPermitted) smtp.mfrom=arc-discuss-bounces@dmarc.org +Received: from mailhub.convivian.com (mailhub.convivian.com [72.5.31.108]) + by dragon.trusteddomain.org (8.14.5/8.14.5) with ESMTP id w121YEt6036571 + for <arc-discuss@dmarc.org>; Thu, 1 Feb 2018 17:34:14 -0800 (PST) + (envelope-from jered@convivian.com) +Authentication-Results: dragon.trusteddomain.org; dkim=pass + reason="1024-bit key" + header.d=convivian.com header.i=@convivian.com header.b=LHXEAl5e; + dkim-adsp=pass +Authentication-Results: dragon.trusteddomain.org; + sender-id=pass header.from=jered@convivian.com; + spf=pass smtp.mfrom=jered@convivian.com +Received: from zimbra8.internal.convivian.com (zimbra8.internal.convivian.com + [172.16.0.5]) + by mailhub.convivian.com (Postfix) with ESMTP id 471DA66FB6; + Thu, 1 Feb 2018 20:34:08 -0500 (EST) +ARC-Seal: i=1; a=rsa-sha256; d=convivian.com; s=default; t=1517535248; cv=none; + b=HkK4AhtPFBUHtRUKKzTON3wyMj7ZLq881P2qhWg+lO8Y50V9SEc8lJ4dBIM3cj3ftfAbooPSLHAVejA89bpS1eAvODci6pOPaQWkBZmpdu+yPIxqX3FyOaCdIaZFbXaMQ1Jg5Sraf5mkCESmfjR5bCguAaZsnPQDF6wSN8VhbQk= +ARC-Message-Signature: i=1; a=rsa-sha256; d=convivian.com; s=default; + t=1517535248; c=relaxed/simple; + bh=9Cp8KoxNPc7FEuC29xB5bNWWadzdEFhXrX/8i+vd3g4=; + h=DKIM-Signature:Date:From:To:Cc:Message-ID:In-Reply-To:References: + Subject:MIME-Version:Content-Type:X-Originating-IP:X-Mailer: + Thread-Topic:Thread-Index:From; + b=jG+KnBrP2oq1z1upStMoWbM1fkS5zbUiir221Gy6h7ao5oy7Qc3m0pXgrSdhgGD4oX/kk2seEt2WAlPNwEsZyvYeG/80ctd/2+hwaVQ6JSOU83Rdd8im8HwMvXzXZIz8ATjPpOv21+xMrqlPSkD/l6X4VP+AAoVVkhW7f4GWcws= +ARC-Authentication-Results: i=1; mailhub.convivian.com; none +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=convivian.com; + s=default; t=1517535248; + bh=9Cp8KoxNPc7FEuC29xB5bNWWadzdEFhXrX/8i+vd3g4=; + h=Date:From:To:Cc:In-Reply-To:References:Subject:From; + b=LHXEAl5elmfkdXNdK24QonXpkiG38neuJoS7fSQXwZVZkR+cdYNr6eBxx3DF4reJO + NgzV5GFyPX6+LdIqR6rnC8BXhjvJq+pxLW3/wKx39W3ANYWRFm1dgyWBz99NxNNvk/ + ruQkYYBBk9GPM52EyHNMvHciRAyaSk+VluGj6c6M= +Date: Thu, 1 Feb 2018 20:34:08 -0500 (EST) +To: Brandon Long <blong@google.com> +Message-ID: <1426665656.110316.1517535248039.JavaMail.zimbra@convivian.com> +In-Reply-To: <CABa8R6s3e1k=c9wQBtNBWvPT4BrXv3-2NnynyAfRseZ-5s6NKg@mail.gmail.com> +References: <CO2PR0501MB981081FA2C73CB83FA1C903F1FA0@CO2PR0501MB981.namprd05.prod.outlook.com> + <CAAQnKjAV3zEfP-J6JgTrv1jU9UPmf9dG9SPr-+q4jZ6PaGQjxg@mail.gmail.com> + <CAAQnKjBBLS9Lm2vnT3i+WUNhrvv2oDEMFEcyozw+YzyKS4G1qQ@mail.gmail.com> + <29030059.107105.1517497494557.JavaMail.zimbra@convivian.com> + <4f60039a-a754-ae4c-1543-0a978d9e13be@rolandturner.com> + <1544831589.110194.1517532064123.JavaMail.zimbra@convivian.com> + <CABa8R6s3e1k=c9wQBtNBWvPT4BrXv3-2NnynyAfRseZ-5s6NKg@mail.gmail.com> +MIME-Version: 1.0 +X-Originating-IP: [172.16.0.5] +X-Mailer: Zimbra 8.7.11_GA_1854 (ZimbraWebClient - FF58 (Mac)/8.7.11_GA_1854) +Thread-Topic: Gmail support of ARC headers from third-parties +Thread-Index: JantLkX01vLd7pyKcopbBWCs3yDbLQ== +Cc: arc-discuss <arc-discuss@dmarc.org> +Subject: Re: [arc-discuss] Gmail support of ARC headers from third-parties +X-BeenThere: arc-discuss@dmarc.org +X-Mailman-Version: 2.1.18 +Precedence: list +List-Id: Discussion of the ARC protocol <arc-discuss.dmarc.org> +List-Unsubscribe: <http://lists.dmarc.org/mailman/options/arc-discuss>, + <mailto:arc-discuss-request@dmarc.org?subject=unsubscribe> +List-Archive: <http://lists.dmarc.org/pipermail/arc-discuss/> +List-Post: <mailto:arc-discuss@dmarc.org> +List-Help: <mailto:arc-discuss-request@dmarc.org?subject=help> +List-Subscribe: <http://lists.dmarc.org/mailman/listinfo/arc-discuss>, + <mailto:arc-discuss-request@dmarc.org?subject=subscribe> +From: Jered Floyd via arc-discuss <arc-discuss@dmarc.org> +Reply-To: Jered Floyd <jered@convivian.com> +Content-Type: multipart/mixed; boundary="===============2728806607597782871==" +Errors-To: arc-discuss-bounces@dmarc.org +Sender: "arc-discuss" <arc-discuss-bounces@dmarc.org> + +--===============2728806607597782871== +Content-Type: multipart/alternative; + boundary="=_bda8d35f-e3be-4e59-9fc8-f78ed0af3226" + +--=_bda8d35f-e3be-4e59-9fc8-f78ed0af3226 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: 7bit + +>> Couldn't the first untrusted ARC signer (working in reverse chronological order) +>> simply have faked all the earlier headers and applied a "valid" ARC +>> signature/seal? This is why I figured you must trust the entire chain if you +>> want to trust the sender data. + +> They can't fake an earlier signature unless they have the private key for the +> signing domain. + +> Ie, a non-modifying hop is basically a no-op, unless you want to trust their +> auth results. + +OK, sure; I agree with that. But I guess I see ARC as primarily for indirect mail flows that break DKIM (i.e. Mailman), in which case I think trust is needed to bridge those hops? + +--Jered + +--=_bda8d35f-e3be-4e59-9fc8-f78ed0af3226 +Content-Type: text/html; charset=utf-8 +Content-Transfer-Encoding: 7bit + +<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><br></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +Couldn't the first untrusted ARC signer (working in reverse chronological order) simply have faked all the earlier headers and applied a "valid" ARC signature/seal? This is why I figured you must trust the entire chain if you want to trust the sender data.<br></blockquote><br><div>They can't fake an earlier signature unless they have the private key for the signing domain.</div><br><div>Ie, a non-modifying hop is basically a no-op, unless you want to trust their auth results.</div></div></div></blockquote><div>OK, sure; I agree with that. But I guess I see ARC as primarily for indirect mail flows that break DKIM (i.e. Mailman), in which case I think trust is needed to bridge those hops?<br></div><div><br data-mce-bogus="1"></div><div>--Jered<br data-mce-bogus="1"></div></div></div></body></html> +--=_bda8d35f-e3be-4e59-9fc8-f78ed0af3226-- + +--===============2728806607597782871== +Content-Type: text/plain; charset="us-ascii" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +_______________________________________________ +arc-discuss mailing list +arc-discuss@dmarc.org +http://lists.dmarc.org/mailman/listinfo/arc-discuss + +--===============2728806607597782871==-- +. +??? 250 +QUIT +??? 221 +**** +# +exim -DSERVER=server -DNOTDAEMON -q +**** +exim -DSERVER=server -DNOTDAEMON -q +**** +# +# +# +# +# +# +# +# +# +killdaemon +# +no_stdout_check +no_msglog_check diff --git a/test/scripts/4560-ARC/REQUIRES b/test/scripts/4560-ARC/REQUIRES new file mode 100644 index 000000000..117c09f77 --- /dev/null +++ b/test/scripts/4560-ARC/REQUIRES @@ -0,0 +1 @@ +support Experimental_ARC diff --git a/test/stderr/4520 b/test/stderr/4520 index 19ff3fb48..4e6a2666f 100644 --- a/test/stderr/4520 +++ b/test/stderr/4520 @@ -34,6 +34,7 @@ PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> WARNING: bad dkim key in dns PDKIM (finished checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< content{CR}{LF} +PDKIM: finish bodyhash 1/1/-1 len 9 PDKIM [test.ex] Body bytes (relaxed) hashed: 9 PDKIM [test.ex] Body sha256 computed: fc06f48221d98ad6106c3845b33a2a41152482ab9e697f736ad26db4853fa657 PDKIM >> Headers to be signed: >>>>>>>>>>>> |