[Rspamd-Users] ARC whitelist

David Krantz gazorg at gmail.com
Fri Jul 17 11:37:41 UTC 2020


How is the whitelisted_signers_map directive in the arc.conf intended
to work? I have tried putting a filename in it and adding the
whitelisted domains one per line in that file. The file should be
readable by rspamd. I still get failures in the verification on ARC
signatures from those domains.

My setup is a mail list server where the messages should be signed
when incoming to verify DKIM and SPF from the original sender and then
again after forwarding the mail via a list as the message is altered
with a prefix to the subject and a footer. I get two signatures (i=1
with cv=none and i=2 with cv=fail) but I have yet to succeed in
getting other than cv=fail on the second signature as the ARC plugin
detects changes. I know that the changes are benign so I'd like to
sign them as okay although the hash obviously will be broken but I do
not get that to work.

*** Section arc ***
use_esld = true;
key_prefix = "ARC_KEYS";
allow_envfrom_empty = true;
sign_networks [
sign_authenticated = true;
symbol_sign = "ARC_SIGNED";
allow_username_mismatch = true;
sign_local = true;
use_domain_sign_inbound = "recipient";
allow_hdrfrom_mismatch = true;
selector = "dkim";
auth_only = true;
whitelisted_signers_map = "/etc/rspamd/arc_whitelisted_signers.map";
try_fallback = false;
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
domain {
    listsrv.example.com {
        path = "/var/lib/rspamd/dkim/listsrv.example.com.dkim.key";
        selector = "dkim";
domain {
    example.com {
        path = "/var/lib/rspamd/dkim/example.com.dkim.key";
        selector = "dkim";
use_redis = false;
reuse_auth_results = true;
sign_inbound = true;
selector_map = "/etc/rspamd/dkim_selectors.map";
use_domain = "header";
allow_hdrfrom_multiple = true;

*** End of section arc ***

my /etc/rspamd/arc_whitelisted_signers.map just contains

// David

More information about the Users mailing list