Mailing List Archive

[Bug 2639] New: arc_sign diagnostics could be easier to get
https://bugs.exim.org/show_bug.cgi?id=2639

Bug ID: 2639
Summary: arc_sign diagnostics could be easier to get
Product: Exim
Version: 4.94
Hardware: All
OS: All
Status: NEW
Severity: wishlist
Priority: medium
Component: Experimental
Assignee: unallocated@exim.org
Reporter: pdp@exim.org
CC: exim-dev@exim.org

The `arc_sign` option takes a specific list of fields, in a specific order,
instead of splitting out into multiple options. If a field is missed,
diagnosis is currently a little awkward. Some thoughts from a real-world
glitch follow.

    arc_sign = <admd-identifier> : <selector> : <privkey> [ : <options> ]

In deploying ARC last night for a project, I had arc_sign missing the selector
field. Thus we ended up with privkey="timestamps". To find that out, with an
MLM invoking the binary to send instead of speaking SMTP, I had to use Exim's
hold_domains to be able to perform a manual delivery with -d+transport.

1. If there's a failure loading key material, then the log-line could usefully
   include the expanded path directly.
2. If we want to force fully-qualified paths for privkey, which I _suspect_ we
   do for sanity's sake, then checking for a `/` in it would help.
3. Selector was getting a path, but `/` is invalid syntax in a selector, so
   erroring on that earlier would help catch the misaligned parameters.

RFC 6376 says:

    selector = sub-domain *( "." sub-domain )

sub-domain ABNF is imported from RFC 5321 which defines:

    sub-domain = Let-dig [Ldh-str]

RFC 7489 pulls the ADMD definition from RFC 5598 which indirectly confirms that
an ADMD is a mail-domain (as expected) which means that RFC 5321's:

    Domain = sub-domain *("." sub-domain)

applies, so the same sanity check can be applied to both admd-identifier and
selector.

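The sanity checks proposed in points 2 and 3 of the report, written out as an added sketch; this is not Exim's code and not part of the bug report. The names `is_domain` and `arc_sign_check` are hypothetical, the list is split on plain `:` without Exim's doubled-colon or separator-change handling, and the sample values are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 5321: Domain = sub-domain *("." sub-domain), sub-domain = Let-dig [Ldh-str].
 * Each label is letters/digits/'-', non-empty, and must not start or end with '-'. */
static int is_domain(const char *s, size_t n)
{
    size_t start = 0;
    for (size_t i = 0; i <= n; i++) {
        if (i < n && s[i] != '.') {
            if (!isalnum((unsigned char)s[i]) && s[i] != '-') return 0;
            continue;
        }
        if (i == start || s[start] == '-' || s[i - 1] == '-') return 0;
        start = i + 1;
    }
    return 1;
}

/* Hypothetical checker: NULL if the first three fields look sane, else a reason.
 * Assumption: plain ':' split, no doubled-colon or "<" separator handling. */
const char *arc_sign_check(const char *opt)
{
    const char *f[3]; size_t len[3]; int n = 0;
    for (const char *p = opt; n < 3; n++) {
        const char *e = p + strcspn(p, ":");                  /* field end */
        const char *b = p, *t = e;
        while (b < t && isspace((unsigned char)*b)) b++;      /* trim left */
        while (t > b && isspace((unsigned char)t[-1])) t--;   /* trim right */
        f[n] = b; len[n] = (size_t)(t - b);
        if (!*e) { n++; break; }                              /* last field */
        p = e + 1;
    }
    if (n < 3) return "too few fields, need admd-identifier : selector : privkey";
    if (!is_domain(f[0], len[0])) return "admd-identifier is not a valid domain";
    if (!is_domain(f[1], len[1])) return "selector is not a valid domain (field missing?)";
    if (!memchr(f[2], '/', len[2])) return "privkey has no '/' (field missing?)";
    return NULL;
}

int main(void)
{
    /* Constructed sample: selector omitted, so the key path lands in the selector slot */
    const char *bad = "example.org : /etc/exim/arc.pem : timestamps";
    const char *why = arc_sign_check(bad);
    printf("%s -> %s\n", bad, why ? why : "ok");
    return 0;
}
```

Run against the misconfiguration described in the report, the selector check fires first because the key path has shifted into the selector position.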