ARC (Authenticated Received Chain)

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
alancunn
Normal user
Normal user
Posts: 39
Joined: 2007-04-19 12:10

ARC (Authenticated Received Chain)

Post by alancunn » 2018-04-05 22:48

So I don't know whether this is best here or in the feature requests, but I would be keen to see an implementation of ARC http://arc-spec.org/ built into hMailServer or available as a plugin soon. :wink:

I know that there is an OpenARC library, but I wouldn't know where to start with implementing it.

Of course, I appreciate that ARC is technically still in draft form, but it has now been implemented by Google, so others will follow suit soon.

I have come to have an interest in this, after fighting for many hours to work out why e-mails weren't being received by the recipient when my server was the intermediary (As is common, and recognised, for mailing lists). In this instance I didn't want to completely re-write the message (new from / dkim / reply to etc), but some (possible) fault in hMailServer's scripting oMessage.addHeader / oMessage.Save was removing a CRLF from the boundary lines and changing it to a space in the body. This was breaking the DKIM bodyhash, therefore the DMARC which was set to reject :x

Increasingly, the large MX (Google, Yahoo, Hotmail) are implementing strict DKIM, SPF and DMARC policies. Without SRS (Sender Rewriting Scheme) and ARC, we will soon be completely unable to forward messages. We will only be able to send messages out from our servers and receive them in. Obviously, real life is a little more varied, and ARC is the acknowledgment of that. I think that ARC will therefore be needed if we are to continue to be able to forward messages...

Would appreciate others' more enlightened thoughts on this!

User avatar
Lee Thompson
Normal user
Normal user
Posts: 38
Joined: 2009-01-15 11:18

Re: ARC (Authenticated Received Chain)

Post by Lee Thompson » 2018-04-11 20:48

I'd like to see DMARC added to hMailServer as well (https://dmarc.org/ for info for the dev team).

alancunn
Normal user
Normal user
Posts: 39
Joined: 2007-04-19 12:10

Re: ARC (Authenticated Received Chain)

Post by alancunn » 2018-04-11 23:40

Lee Thompson wrote:
2018-04-11 20:48
I'd like to see DMARC added to hMailServer as well (https://dmarc.org/ for info for the dev team).
Hi Lee,

Thanks for the comment. I think that DMARC would almost certainly need to be implemented as part of ARC and SRS. However, I may be wrong, so definitely worth clarifying.

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: ARC (Authenticated Received Chain)

Post by mattg » 2018-04-12 00:59

I have DMARC records for my domains, but hMailserver doesn't do anything with DMARC information.

I'm guessing that what you'd like to see is DMARC being used for SPAM scoring incoming mail directly within hMailserver, or perhaps some DMARC reporting

There is also checking CAA records and DANE encryption for spam Scoring purposes
I'd also like to be able to use DNSSEC and DNSCrypt, but until the world uses certificates that can be verified correctly, and repudiated instantly, neither of these mean much.

Here is a thread started by Martin about plans for the future >> viewtopic.php?f=2&t=27191
(In saying that, Martin isn't about much anymore except for security updates. I've been using RvdH's builds for a while now >> viewtopic.php?f=10&t=30193&start=60#p203420 which are built on top of the current releases - got to love Github)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply