[Rspamd-Users] Switching on ARC sealing - how is this done?

Graham Leggett minfrin at sharp.fm
Mon Oct 12 22:30:43 UTC 2020

Hi all,

I am in the process of trying out rspamd’s 2.6 arc and dkim support. I have managed to get dkim support working, next up is arc.

I am getting some very odd behaviour that I don’t understand. When sending mail from sharp.fm to example.com, my logfile tells me this:

2020-10-12 23:33:44 #27174(rspamd_proxy) <1c2ea8>; arc; lua_dkim_tools.lua:168: mail was sent to us
2020-10-12 23:33:44 #27174(rspamd_proxy) <1c2ea8>; arc; lua_dkim_tools.lua:382: use domain(header) for signature: sharp.fm
2020-10-12 23:33:44 #27174(rspamd_proxy) <1c2ea8>; arc; lua_dkim_tools.lua:402: final DKIM domain: sharp.fm
2020-10-12 23:33:44 #27174(rspamd_proxy) <1c2ea8>; arc; lua_dkim_tools.lua:489: no selector in map for sharp.fm
2020-10-12 23:33:44 #27174(rspamd_proxy) <1c2ea8>; arc; lua_dkim_tools.lua:498: no key in map for sharp.fm
2020-10-12 23:33:44 #27174(rspamd_proxy) <1c2ea8>; arc; lua_dkim_tools.lua:503: dkim unconfigured and fallback disabled
2020-10-12 23:33:44 #27174(rspamd_proxy) <1c2ea8>; dkim_signing; lua_dkim_tools.lua:170: mail is ineligible for signing

The message "no selector in map for sharp.fm” makes no sense to me - that’s the sender domain, why would rspamd’s arc module try and look up the private key of the sender?

The docs make no sense to me. The “principals of operation” for ARC at https://rspamd.com/doc/modules/arc.html look like they are cut-and-paste identical to the “principals of operation” for DKIM signing at https://rspamd.com/doc/modules/dkim_signing.html.

My understanding is that you DKIM sign mail before it leaves the sender’s network using a private key attached to the sender’s domain, and you ARC seal the mail as it arrives at the receiver’s network (which could contain further jumps through spam filters etc before arriving at the recipient) using a private key attached to domains under control of the recipient.

Does anyone have a working example of ARC sealing?

I see commits to the arc module in the last day or so, is the arc module ready for production use or is this experimental?


More information about the Users mailing list