[GF-Users] ARC Seal for mails to users at lists.ghettoforge.net
Peter
peter at pajamian.dhs.org
Mon Aug 25 18:07:49 MST 2025
The GF mailinglists are currently running on some very old infra, we
have plans to move to new infra (hopefully soon) and I will be
modernizing the various different specs (DKIM, DMARC, etc) at that time.
Until then it just has to limp along as it is.
Peter
On 26/08/25 04:50, Michael Webb wrote:
> Hi Peter
>
> I have noticed that DMARC fails from every users at lists.ghettoforge.net
> <mailto:users at lists.ghettoforge.net> posting. At first I thought I had
> misconfigured something, but now I think that ARC sealing before
> distribution to the user list would fix the problem. The emails retain
> the originator email address, and then DKIM and SPF checks fails because
> DMARC sees it is delivered by ‘infra-01.ghettoforge.org’ instead of the
> originator policies. (Also BTW, .org which should probably also be .net
> so that any RDNS checks work too). Problem might be that openarc package
> for ARC signing is not available in EPEL for EL10 just yet (but is
> available for EL8 & 9). It is not a difficult package to integrate.
>
> My go by is that emails posted by postfix-users at postfix.org
> <mailto:postfix-users at postfix.org> which uses a similar distribution
> philosophy to GF are ARC sealed and do not fail DMARC. Compare the
> headers below:
>
> Received: from lists.ghettoforge.net (unknown [163.47.119.159])
>
> by mx01.integrilog.com (Postfix) with ESMTP id BCEFF304231E
>
> for michael.webb at integrilog.com
> <mailto:michael.webb at integrilog.com>; Mon, 25 Aug 2025 03:25:58 -0600 (MDT)
>
> DMARC-Filter: OpenDMARC Filter v1.4.2 mx01.integrilog.com BCEFF304231E
>
> Authentication-Results: mx01.integrilog.com; dmarc=fail (p=reject
> dis=none) header.from=integrilog.com
>
> Authentication-Results: mx01.integrilog.com; spf=tempfail
> smtp.mailfrom=lists.ghettoforge.net
>
> Authentication-Results: mx01.integrilog.com; arc=none smtp.remote-
> ip=163.47.119.159
>
> DKIM-Filter: OpenDKIM Filter v2.11.0 mx01.integrilog.com BCEFF304231E
>
> Received: from infra-01.ghettoforge.org (localhost.localdomain [127.0.0.1])
>
> by lists.ghettoforge.net (Postfix) with ESMTP id
> 922DCD7BBD;
>
> Mon, 25 Aug 2025 02:25:55 -0700 (MST)
>
> X-Original-To: users at lists.ghettoforge.net
> <mailto:users at lists.ghettoforge.net>
>
> Delivered-To: users at lists.ghettoforge.net
> <mailto:users at lists.ghettoforge.net>
>
> Received: from mx22.integrilog.com (mail.integrilog.com [161.184.52.51])
>
> by lists.ghettoforge.net (Postfix) with ESMTP id BA18CD7B49
>
> for users at lists.ghettoforge.net
> <mailto:users at lists.ghettoforge.net>; Mon, 25 Aug 2025 02:25:52 -0700 (MST)
>
> Received: from localhost (mx22.integrilog.com [127.0.0.1])
>
> by mx22.integrilog.com (Postfix) with ESMTP id 06F2D40368FC
>
> for users at lists.ghettoforge.net
> <mailto:users at lists.ghettoforge.net>; Mon, 25 Aug 2025 03:25:50 -0600 (MDT)
>
> X-Virus-Scanned: amavis at mx22.integrilog.com
>
> Received: from mx22.integrilog.com ([127.0.0.1])
>
> by localhost (mx22.integrilog.com [127.0.0.1]) (amavis,
> port 10022)
>
> with ESMTP id mHTnLR7GsCk2 for
> users at lists.ghettoforge.net <mailto:users at lists.ghettoforge.net>;
>
> Mon, 25 Aug 2025 03:25:45 -0600 (MDT)
>
> Received: from exs03.integrilog.com (autodiscover.integrilog.com
> [10.10.16.5])
>
> (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-
> SHA384 (256/256
>
> bits)) (No client certificate requested)
>
> by mx22.integrilog.com (Postfix) with ESMTPS id
> 4715440368F8
>
> for users at lists.ghettoforge.net
> <mailto:users at lists.ghettoforge.net>; Mon, 25 Aug 2025 03:25:45 -0600 (MDT)
>
> DKIM-Filter: OpenDKIM Filter v2.11.0 mx22.integrilog.com 4715440368F8
>
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=integrilog.com;
>
> s=key0001; t=1756113945;
>
> bh=ljofPk3NKaCXQJ6sPuKsYl7NyJyf6/9AljBATde6ooQ=;
>
> h=From:To:Subject:Date:References:In-Reply-To:From;
>
> b=zRcBp2o3aa10JXQK9sQ18k8oiODoWHV+Jk7HO/
> SklBLLZl0Y7nicm5hzpsGuqMa4W
>
> e7kwbG8A/
> Qn6P1b5gRj+TIbga7hPSa+afufECoa5CRZ+jdUHZxBM7ZUKXQzzvFCi6k
>
>
> R41acnqku9HLSU2homyfyYPof7WyWeFh27y4WtX1mxzbKva+Q7UlSAc/po601F5dPz
>
> IXIC+RjyJePh5X7+P7b2RPd/
> i+NhO7AcIebOLaXUYR9lyoSRnhjhMgo0hQ/scrRI7S
>
> QQZZDwza9EM4tiYMFX7SN8fo5YG1+1UqqZg4TcQL6jvhob7/
> LlepiZ9J8hSqYMvUs4
>
> t8hJGpq9c9G+Q==
>
> Received: from exs03.integrilog.com (2620:cd:6000:110::5) by
>
> exs03.integrilog.com (2620:cd:6000:110::5) with
> Microsoft SMTP Server
>
> (version=TLS1_2,
> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
>
> 15.1.2507.57; Mon, 25 Aug 2025 03:25:40 -0600
>
> Received: from exs03.integrilog.com ([10.10.18.5]) by exs03.integrilog.com
>
> ([10.10.18.5]) with mapi id 15.01.2507.057;
>
> Mon, 25 Aug 2025 03:25:40 -0600
>
> From: Michael Webb michael.webb at integrilog.com
> <mailto:michael.webb at integrilog.com>
>
> To: GhettoForge Users mailing list users at lists.ghettoforge.net
> <mailto:users at lists.ghettoforge.net>
>
> Received: from list.sys4.de (list.sys4.de [45.90.5.195])
>
> (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384
> (256/256 bits)
>
> key-exchange x25519 server-signature ECDSA (secp384r1)
> server-digest SHA384)
>
> (No client certificate requested)
>
> by mx01.integrilog.com (Postfix) with ESMTPS id
> 4286730423CE
>
> for michael.webb at integrilog.com
> <mailto:michael.webb at integrilog.com>; Wed, 30 Jul 2025 12:48:02 -0600 (MDT)
>
> Received: from [10.0.2.100] (list01.sys4.de [89.58.25.70])
>
> by list01.sys4.de (Postfix) with ESMTP id 4bsh6T6TxxzPjlR;
>
> Wed, 30 Jul 2025 20:47:45 +0200 (CEST)
>
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=postfix.org;
>
> s=20230217-rsa; t=1753901265;
>
> bh=elDB4IfubLaL7Z2IYe2miXAxOK8fD0xDx4EgUoKX/qg=;
>
> h=To:Date:MIME-Version:Subject:List-Id:List-Help:List-
> Owner:
>
> List-Post:List-Subscribe:List-Unsubscribe:From:Reply-To:
>
> Content-Type:Autocrypt:Cc:Content-Transfer-
> Encoding:Content-Type:
>
> Date:From:In-Reply-To:Mime-
> Version:Openpgp:References:Reply-To:
>
> Resent-To:Sender:Subject:To;
>
> b=jbpQ/OxXS2cQA20TgcvubhH/VkBkr5+/
> +VrvozF1WymSixZXobNdvh/IgYH/K8VEF
>
>
> okUiJ1EXQA2alGSR9h2CJQwj4jtFh5zPgOTdluNesgofMU83xOjiH8KINTTnpFjY1p
>
> S1rk8sCy5waHJsVej1HAEvRaVEZfrf85gqaxvZ4Xr9Q1EbHy+
> +mGpKrhnVGzo/Is/o
>
> YqyxkuxRgoY7KsJhvyTN7Bm/
> MlR3+thBk+SxbDU+bXYvLvqrA+BnzByRfwBh+kRizr
>
>
> W8jl7jeehcbWeuPLNLCLLdZtmef1GxDEiYKtEe4ZLjTVXcmsK5EwOpucy2XMiTbtlb
>
> B0movGvWUuePw==
>
> ARC-Seal: i=1; cv=none; a=rsa-sha256; d=list.sys4.de; s=2023032101;
>
> t=1753901253;
>
> b=agojSnL+2tTJk/vl0BrTlM213tVzMz1crNM1wmQTKRi4mX8uoien6+O5ImvZNSY1hOuMG
>
> P97CnUqTjqb+CpFiOfQ0N1iCkpsXnCfvUiGhN0KnxZI0S+/HcIhktHIFWrzY9QJ2VJrZoHD
>
> DZSxDkudE1j5QrV+Zu8638QYpiGyhbsLoReUCFUvxm6QmCZos0hg/AudGkm522k9SD/tFIk
>
> 3J2ABi8g/Xpp76ZpimW2thuhhNfGTB95XeCYH9oIin5hgROpc+4oWXYh0nZyzxFzZ5xw2Gb
>
> UukvjholKwFX4fAbBEprUSZVB7z1mcGqSoff1cXl9kOlf5LjL0zyu+TDgQEg==
>
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
>
> d=list.sys4.de; s=2023032101; t=1753901253; h=from : sender : reply-to
>
> : subject : date : message-id : to : cc : mime-version : content-type
>
> : content-transfer-encoding : content-id : content-description :
>
> resent-date : resent-from : resent-sender : resent-to : resent-cc :
>
> resent-message-id : in-reply-to : references : list-id : list-help :
>
> list-unsubscribe : list-subscribe : list-post : list-owner :
>
> list-archive; bh=elDB4IfubLaL7Z2IYe2miXAxOK8fD0xDx4EgUoKX/qg=;
>
> b=tGJKonr9rCBuGv0PJ0pN7I/HFGAqUNeBqftQWQDlMAJXbBY4Qg4vJUhl6CuneDrp2uRR6
>
> /tRK89jpGMnJCqf+f8VKcRlkppQHQmzxTpiJnEKnoe/CB55PlFH5LnkvkfQ6GB6Esywp9rl
>
> zv8DEcjN9kBOxUL3jeIClf5QFgUVHMVV6PlUpS/ZpOgkdGw1tw6qXGggN09R5oTxhGHh5XO
>
> 20qQ9j81kdpvwEaGfhRXaGpVrwpjS4FY5e8HSoslHQwEpQKR3syjrJr5QDqIJzEbF1+c8IM
>
> nQekg+XXt4RThsgg3uds9mnKkO9sD7aUV1nA36DvWMeympyrqvOXTJB3UT8w==
>
> ARC-Authentication-Results: i=1; list.sys4.de;
>
> dkim=pass header.d=integrilog.com;
>
> arc=none (Message is not ARC signed);
>
> dmarc=pass (Used From Domain Record) header.from=integrilog.com
>
> policy.dmarc=reject
>
> Authentication-Results: list.sys4.de; dkim=pass header.d=integrilog.com;
>
> arc=none (Message is not ARC signed);
>
> dmarc=pass (Used From Domain Record) header.from=integrilog.com
>
> policy.dmarc=reject
>
> Received: from mx02.integrilog.com (mail.integrilog.com [161.184.52.51])
>
> by list01.sys4.de (Postfix) with ESMTPS id 4bsh661xlCzPjhD
>
> for postfix-users at postfix.org <mailto:postfix-
> users at postfix.org>; Wed, 30 Jul 2025 20:47:25 +0200 (CEST)
>
> Received: from localhost (mx02.integrilog.com [127.0.0.1])
>
> by mx02.integrilog.com (Postfix) with ESMTP id C7F9B3041381
>
> for postfix-users at postfix.org <mailto:postfix-
> users at postfix.org>; Wed, 30 Jul 2025 12:47:18 -0600 (MDT)
>
> X-Virus-Scanned: amavis at mx02.integrilog.com
>
> Received: from mx02.integrilog.com ([127.0.0.1])
>
> by localhost (mx02.integrilog.com [127.0.0.1]) (amavis, port 10022)
>
> with ESMTP id 92Fy9X_IwtbL for postfix-users at postfix.org
> <mailto:postfix-users at postfix.org>;
>
> Wed, 30 Jul 2025 12:47:01 -0600 (MDT)
>
> Received: from exs03.integrilog.com (autodiscover.webbfamily.ca
> [10.10.16.5])
>
> (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-
> SHA384 (256/256 bits))
>
> (No client certificate requested)
>
> by mx02.integrilog.com (Postfix) with ESMTPS id
> 3E6903041380
>
> for postfix-users at postfix.org <mailto:postfix-
> users at postfix.org>; Wed, 30 Jul 2025 12:46:58 -0600 (MDT)
>
> DKIM-Filter: OpenDKIM Filter v2.11.0 mx02.integrilog.com 3E6903041380
>
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=integrilog.com;
>
> s=key0001; t=1753901219;
>
> bh=dfL7Zv84NO8dX8GFvWN/WPoBJDW25ohHhQZRnDt2DA0=;
>
> h=From:To:Subject:Date:From;
>
>
> b=bRGtbtXTuOvfosq7fzfXTkw587yM53Ai29Of+5Mtx2WVeOAHGgwf+UC1vU1yKF+3B
>
>
> PWTAaktYV6KLFGEpyz9RudAYhvYadDmBveFXBEjJxfbmUEQmTt1dNLA41F2W4I+vPj
>
> 972a+VmaH+TdvaIMKN4wGlg1KrwO4OjRkjhC08fJbnvfWlYF45B/
> NLVSJ0YnbyXv/l
>
> Rt2S3ACr4/
> jHA1jHnep5mVrmaITHePk9hRl5+wyI+2pqQjVUTgEqGr9HO75r13iHp4
>
>
> fPleS3ippScPHABStCbbCZY26wI0hCw4pDN3dVbOVATOa5HS+EGwy4LUaWblc+EJfA
>
> j2qFExxTNMEdQ==
>
> Received: from exs03.integrilog.com (2620:cd:6000:110:8906:cf1:2c13:aa7c) by
>
> exs03.integrilog.com (2620:cd:6000:110:8906:cf1:2c13:aa7c) with Microsoft
>
> SMTP Server (version=TLS1_2,
> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
>
> 15.1.2507.39; Wed, 30 Jul 2025 12:46:50 -0600
>
> Received: from exs03.integrilog.com ([10.10.18.5]) by exs03.integrilog.com
>
> ([10.10.18.5]) with mapi id 15.01.2507.039; Wed, 30 Jul 2025 12:46:50 -0600
>
> To: postfix-users at postfix.org <mailto:postfix-users at postfix.org>
> postfix-users at postfix.org <mailto:postfix-users at postfix.org>
>
> Mike
>
>
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users
More information about the users
mailing list