Mailing List Archive

On 12/15/23 23:45, Randy Bush via Exim-users wrote:
> does exim on current deb packages support ARC signing? DKIM support is
> nice, so i am hoping for ARC too.

"ecim -bV" and look at the "support for" line. If it include "Experimental_ARC"
then yes.
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

>> "exim -bV" and look at the "support for" line. If it include
>> "Experimental_ARC" then yes.

debian bookworm amd64

mail.rg.net:/home/randy> exim -bV
Exim version 4.96 #2 built 18-Nov-2023 10:07:57
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume move_frozen_messages DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR Queue_Ramp SOCKS SRS TCP_Fast_Open
On Fri, 15 Dec 2023 16:38:03 -0800,

sigh.
so it's rebuild
https://packages.debian.org/bookworm/exim4-daemon-heavy or move to postfix
sigh

with gobble et alia forcing ARC upon us[0]. i would hope it would be in
the distributed .debs

but thanks

randy

---

[0] - https://support.google.com/mail/answer/81126#arc

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On 12/16/23 18:33, Randy Bush via Exim-users wrote:
> with gobble et alia forcing ARC upon us[0]. i would hope it would be in
> the distributed .debs

To be fair to Debian, we still regard it as experimental - having
had little evidence of it's actual use in the wild, and interoperability
of the Exim implementation.

So does the IETF; RFC 8617 is Experimental, not Standards-Track.

As I read that G note, they only use it as a negative signal.
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On Sat, Dec 16, 2023 at 06:55:53PM +0000, Jeremy Harris via Exim-users wrote:
> On 12/16/23 18:33, Randy Bush via Exim-users wrote:
> > with gobble et alia forcing ARC upon us[0]. i would hope it would be in
> > the distributed .debs
>
> To be fair to Debian, we still regard it as experimental - having
> had little evidence of it's actual use in the wild, and interoperability
> of the Exim implementation.
>
> So does the IETF; RFC 8617 is Experimental, not Standards-Track.
>
> As I read that G note, they only use it as a negative signal.

Just to be sure it wasn't a case of "nobody asked", I did:

<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058808>

So, yes, we're left with needing to compile a 'custom' exim4 package
ourselves[1], and then put the relevant packages on hold so this doesn't
get undone by a Debian update *and* then updating our custom packages
quickly if there's a security fix or similar.
Or *is* there some method within an exim4 configuration file to check
if a feature is available? If not, then attempting to run a 'vanilla'
Debian exim4 with a configuration that has ARC-related configuration
options will result in an error, yes ?

[1] - See `debian/rules` in an `apt-get source exim4` unpacking of the
sources. You can get an `exim4-daemon-custom` package built with your
own options toggled.
--
- Athanasius (he/him) = Athanasius(at)miggy.org / https://miggy.org/
GPG/PGP Key: https://miggy.org/gpg-key
"And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

>> with gobble et alia forcing ARC upon us[0]. i would hope it would be
>> in the distributed .debs
>
> To be fair to Debian, we still regard it as experimental - having had
> little evidence of it's actual use in the wild, and interoperability
> of the Exim implementation.

i am not seeking to blame. blame does not move packets.

i agree that it would be good to see a lot of interop. gonna be darn
hard if i can not turn it on. i suspect there will be an ARC/DMARC
interop at the brisbane hackathon.

> So does the IETF; RFC 8617 is Experimental, not Standards-Track.

i have written and/or run in expperimental rfcs for decades. often it
means it was not politically acceptable, e.g. nat, a+p, ... :)

> As I read that G note, they only use it as a negative signal.

my read of the tea leaves is a bit different, but i am a coffee
drinker. if one runs a list server, [DMARC and] ARC are gonna be
needed if you have subscribers in gobble land and you do not want to
end up in their spamboxes. and it is said that yahoo is doing the
same.

so i have to weigh the work of moving the list server to postfix and
the kludges to get DKIM, ARC, ... in that environment against the work
of building exim using the source from the debian port, (which i have
not done since phil hazel left the building) adding `EXPERIMENTAL_ARC =
yes`.

but thanks for the perspective. i get the message.

randy

[0] - https://support.google.com/mail/answer/81126#arc

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On 12/17/2023 1:37 pm, Randy Bush via Exim-users wrote:
>>> with gobble et alia forcing ARC upon us[0]. i would hope it would be
>>> in the distributed .debs

>> As I read that G note, they only use it as a negative signal.
>
> my read of the tea leaves is a bit different, but i am a coffee
> drinker. if one runs a list server, [DMARC and] ARC are gonna be
> needed if you have subscribers in gobble land and you do not want to
> end up in their spamboxes. and it is said that yahoo is doing the
> same.
>
> so i have to weigh the work of moving the list server to postfix and
> the kludges to get DKIM, ARC, ... in that environment against the work
> of building exim using the source from the debian port, (which i have
> not done since phil hazel left the building) adding `EXPERIMENTAL_ARC =
> yes`.
>
> but thanks for the perspective. i get the message.
>
> randy
>
> [0] - https://support.google.com/mail/answer/81126#arc

FTR, I'm running with ARC for a number of years on FreeBSD, and no
issues
with Interop AFAICT.

Just a data point.
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: ler@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

Randy Bush via Exim-users <exim-users@lists.exim.org> (Sa 16 Dez 2023 19:33:57 CET):
> >> "exim -bV" and look at the "support for" line. If it include
> >> "Experimental_ARC" then yes.
>
> debian bookworm amd64
>
> mail.rg.net:/home/randy> exim -bV
> Exim version 4.96 #2 built 18-Nov-2023 10:07:57
> Copyright (c) University of Cambridge, 1995 - 2018
> (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
> Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
> Support for: crypteq iconv() IPv6 GnuTLS TLS_resume move_frozen_messages DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR Queue_Ramp SOCKS SRS TCP_Fast_Open
> On Fri, 15 Dec 2023 16:38:03 -0800,
>
> sigh.
> so it's rebuild
> https://packages.debian.org/bookworm/exim4-daemon-heavy or move to postfix
> sigh
>
> with gobble et alia forcing ARC upon us[0]. i would hope it would be in
> the distributed .debs

Maybe you can use this https://gitea.schlittermann.de/heiko/exim4-exim.org/src/branch/debian/bookworm/debian
as a starting point. I'm building packages whith almost all feature enabled.
--
Heiko

On 12/17/23 10:35, Athanasius via Exim-users wrote:
> Or *is* there some method within an exim4 configuration file to check
> if a feature is available?

.ifdef _EXP_VAR_ARC_STATE
...
.endif

--
Cheers,
Jeremy


PS: It's "exim". Only Debian thinks that versions preceding 4.0 might still
be relevant, 21 years after they went obsolete.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On Tue, Dec 19, 2023 at 12:44?PM Athanasius via Exim-users <
exim-users@lists.exim.org> wrote:

> On Sat, Dec 16, 2023 at 06:55:53PM +0000, Jeremy Harris via Exim-users
> wrote:
> > On 12/16/23 18:33, Randy Bush via Exim-users wrote:
> > > with gobble et alia forcing ARC upon us[0]. i would hope it would be in
> > > the distributed .debs
> >
> > To be fair to Debian, we still regard it as experimental - having
> > had little evidence of it's actual use in the wild, and interoperability
> > of the Exim implementation.
> >
> > So does the IETF; RFC 8617 is Experimental, not Standards-Track.
> >
> > As I read that G note, they only use it as a negative signal.
>
> Just to be sure it wasn't a case of "nobody asked", I did:
>
> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058808>
>
> So, yes, we're left with needing to compile a 'custom' exim4 package
> ourselves[1], and then put the relevant packages on hold so this doesn't
> get undone by a Debian update *and* then updating our custom packages
> quickly if there's a security fix or similar.
> Or *is* there some method within an exim4 configuration file to check
> if a feature is available? If not, then attempting to run a 'vanilla'
> Debian exim4 with a configuration that has ARC-related configuration
> options will result in an error, yes ?
>
> [1] - See `debian/rules` in an `apt-get source exim4` unpacking of the
> sources. You can get an `exim4-daemon-custom` package built with your
> own options toggled.
> --
> - Athanasius (he/him) = Athanasius(at)miggy.org / https://miggy.org/
> GPG/PGP Key: https://miggy.org/gpg-key
> "And it's me who is my enemy. Me who beats me up.
> Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
>

Does this imply that Debian-ists are scared of running anything outside the
aegis of Debian pages?
I have an Ubuntu server where I run Exim-4.97 that I compiled manually -
not as a Debian package
and it's running just fine.
The only thing I wasn't able to include is SRS support because I could not
find libsrs_alt anywhere, but then again I do not use SRS.


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(?)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On 19/12/2023 11:27, Odhiambo Washington via Exim-users wrote:
> The only thing I wasn't able to include is SRS support because I could not
> find libsrs_alt anywhere, but then again I do not use SRS.

SUPPORT_SRS=yes
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_srs_and_dmarc.html

libsrs_alt code was removed in 4.96 IIRC.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@gmx.net> | https://www.blafasel.at/
Vienna University Computer Center | Austria

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On Wed, Dec 20, 2023 at 11:46?AM Wolfgang Breyha via Exim-users <
exim-users@lists.exim.org> wrote:

> On 19/12/2023 11:27, Odhiambo Washington via Exim-users wrote:
> > The only thing I wasn't able to include is SRS support because I could
> not
> > find libsrs_alt anywhere, but then again I do not use SRS.
>
> SUPPORT_SRS=yes
>
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_srs_and_dmarc.html
>
> libsrs_alt code was removed in 4.96 IIRC.
>

You're right. I was suffering the libsrs_alt issues because I was using a
Local/Makefile from 4.96. Duh!

Thank you.


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(?)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/