OpenARC

Install and configure OpenARC.

OpenARC/openarc/openarc.conf.sample at master · trusteddomainproject/OpenARC · GitHub

Installation

Install with dnf

$ env LANG=C sudo dnf install openarc
Last metadata expiration check: 1:08:33 ago on Fri Jan 12 20:46:55 2024.
Dependencies resolved.
============================================================================================================================================
 Package                      Architecture             Version                                   Repository                            Size
============================================================================================================================================
Installing:
 openarc                      x86_64                   1.0.0-0.15.Beta3.el8                      ol8_developer_EPEL                    66 k
Installing dependencies:
 libopenarc                   x86_64                   1.0.0-0.15.Beta3.el8                      ol8_developer_EPEL                    48 k

Transaction Summary
============================================================================================================================================
Install  2 Packages

Total download size: 113 k
Installed size: 202 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): openarc-1.0.0-0.15.Beta3.el8.x86_64.rpm                                                               41 kB/s |  66 kB     00:01
(2/2): libopenarc-1.0.0-0.15.Beta3.el8.x86_64.rpm                                                            29 kB/s |  48 kB     00:01
--------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                        69 kB/s | 113 kB     00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                    1/1
  Installing       : libopenarc-1.0.0-0.15.Beta3.el8.x86_64                                                                             1/2
  Running scriptlet: openarc-1.0.0-0.15.Beta3.el8.x86_64                                                                                2/2
  Installing       : openarc-1.0.0-0.15.Beta3.el8.x86_64                                                                                2/2
  Running scriptlet: openarc-1.0.0-0.15.Beta3.el8.x86_64                                                                                2/2
/sbin/ldconfig: /etc/ld.so.conf.d/kernel-5.4.17-2011.1.2.el8uek.x86_64.conf:6: hwcap directive ignored
/sbin/ldconfig: /etc/ld.so.conf.d/kernel-5.4.17-2011.7.4.el8uek.x86_64.conf:6: hwcap directive ignored

  Verifying        : libopenarc-1.0.0-0.15.Beta3.el8.x86_64                                                                             1/2
  Verifying        : openarc-1.0.0-0.15.Beta3.el8.x86_64                                                                                2/2

Installed:
  libopenarc-1.0.0-0.15.Beta3.el8.x86_64                                 openarc-1.0.0-0.15.Beta3.el8.x86_64

Complete!
$ 

Check the configuration files

$ env LANG=C ls -la /etc/openarc.conf
-rw-r--r--. 1 root openarc 679 Oct 11  2022 /etc/openarc.conf
$ env LANG=C ls -la /etc/openarc/
total 20
drwxr-xr-x.   2 root    openarc  4096 Jan 12 21:55 .
drwxr-xr-x. 161 root    root    12288 Jan 12 21:55 ..
-r--r-----.   1 openarc openarc    23 Oct 11  2022 PeerList
$

Now configure it. Copy the DKIM private key and reuse it (it is copied because OpenARC runs as a different user from OpenDKIM).

$ sudo cp /etc/opendkim/keys/example.jp/20231210.private /etc/openarc/
$ sudo chown openarc:openarc /etc/openarc/20231210.private
$ env LANG=C ls -la /etc/openarc/
total 24
drwxr-xr-x.   2 root    openarc  4096 Jan 12 22:04 .
drwxr-xr-x. 161 root    root    12288 Jan 12 22:00 ..
-rw-------.   1 openarc openarc  1679 Jan 12 22:04 20231210.private
-r--r-----.   1 openarc openarc    23 Oct 11  2022 PeerList
$ 

In /etc/openarc.conf, change the following settings:

  • Domain
  • Selector
  • KeyFile

$ sudo cat /etc/openarc.conf
## See openarc.conf(5) or /usr/share/doc/openarc-1.0.0/openarc.conf.sample for more
#PidFile /run/openarc/openarc.pid
Syslog  yes
UserID  openarc:openarc
Socket  local:/run/openarc/openarc.sock
SignHeaders to,subject,message-id,date,from,mime-version,dkim-signature
PeerList /etc/openarc/PeerList
MilterDebug 6
EnableCoredumps yes

## After setting Mode to "sv", running
## opendkim-genkey -D /etc/openarc -s key -d
## and putting /etc/openarc
Mode                    sv
Canonicalization        relaxed/relaxed
Domain                  example.jp
Selector                20231210
KeyFile                 /etc/openarc/20231210.private
#SignatureAlgorithm rsa-sha256
$ 
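
An added example, not part of the original page or of the OpenARC project: a shell function that reads UserID and KeyFile from an openarc.conf and reports when the copied private key is missing, is not owned by the milter user, or is accessible to group or others. The function name check_arc_key is an assumption made for this example.

```sh
# Added example: audit the key named by KeyFile in an openarc.conf.
# Prints one line per finding; returns 0 only when nothing was found.
# Usage: check_arc_key /etc/openarc.conf
check_arc_key() {
    conf=$1
    # First value of each directive; commented-out lines do not match.
    key=$(awk '$1 == "KeyFile" { print $2; exit }' "$conf")
    user=$(awk '$1 == "UserID" { print $2; exit }' "$conf")
    user=${user%%:*}                      # "openarc:openarc" -> "openarc"
    [ -n "$key" ] || { echo "KeyFile is not set in $conf"; return 1; }
    [ -f "$key" ] || { echo "KeyFile $key does not exist"; return 1; }
    rc=0
    # ls -ld prints the mode string in field 1 and the owner in field 3;
    # characters 2-10 of the mode skip the type and any SELinux/ACL suffix.
    info=$(ls -ld "$key" | awk '{ print substr($1, 2, 9), $3 }')
    mode=${info% *}
    owner=${info#* }
    [ "$owner" = "$user" ] || { echo "$key is owned by $owner, not by UserID $user"; rc=1; }
    case $mode in
        ???------) ;;                     # no group or other permission bits
        *) echo "$key is accessible to group or others ($mode)"; rc=1 ;;
    esac
    return $rc
}
```

Run as root against the configuration and listing shown above, it prints nothing and returns 0.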

Check the configuration file

# /sbin/openarc -n
# echo $?
0
#

Start it. There appear to be no problems, so enable automatic startup.

# systemctl start openarc
# systemctl status openarc
* openarc.service - Authenticated Receive Chain (ARC) Milter
   Loaded: loaded (/usr/lib/systemd/system/openarc.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-01-12 22:12:30 JST; 17s ago
     Docs: man:openarc(8)
           man:openarc.conf(5)
           http://www.trusteddomain.org/openarc/
  Process: 4074895 ExecStartPost=/sbin/restorecon -r -F /run/openarc (code=exited, status=0/SUCCESS)
 Main PID: 4074894 (openarc)
    Tasks: 3 (limit: 203056)
   Memory: 976.0K
   CGroup: /system.slice/openarc.service
           `-4074894 /usr/sbin/openarc -f

Jan 12 22:12:30 mail.example.jp systemd[1]: Starting Authenticated Receive Chain (ARC) Milter...
Jan 12 22:12:30 mail.example.jp openarc[4074894]: OpenARC Filter: Opening listen socket on conn local:/run/openarc/openarc.sock
Jan 12 22:12:30 mail.example.jp openarc[4074894]: OpenARC Filter v1.0.0 starting (args: -f)
Jan 12 22:12:30 mail.example.jp systemd[1]: Started Authenticated Receive Chain (ARC) Milter.
# systemctl enable openarc
Created symlink /etc/systemd/system/multi-user.target.wants/openarc.service -> /usr/lib/systemd/system/openarc.service.
# 

Postfix configuration

Specify OpenARC as a Postfix milter.

Because Postfix connects via /run/openarc/openarc.sock, add the postfix user to the openarc group.

$ groups postfix
postfix : postfix mail opendkim
$ sudo gpasswd -a postfix openarc
$ groups postfix
postfix : postfix mail opendkim openarc

Edit /etc/postfix/main.cf.

diff -r1.4 main.cf
733c733
< smtpd_milters = local:/run/opendkim/opendkim.sock
---
> smtpd_milters = local:/run/opendkim/opendkim.sock, local:/run/openarc/openarc.sock
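
Review bot: line 733 now lists two milter sockets, but the change does not show what Postfix should do when /run/openarc/openarc.sock is unavailable. milter_default_action defaults to tempfail, so mail arriving via smtpd is deferred while OpenARC is down; set it explicitly next to this line to record the intended behaviour. Only smtpd_milters changes here, so also check whether non_smtpd_milters needs the same socket appended.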

Restart Postfix

$ sudo systemctl restart postfix
$ sudo systemctl status postfix
* postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-01-12 22:32:44 JST; 7s ago
  Process: 4075663 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
  Process: 4075695 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 4075691 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 4075687 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
  Process: 4075683 ExecStartPre=/usr/sbin/restorecon -R /var/spool/postfix/pid/master.pid (code=exited, status=255)
 Main PID: 4075763 (master)
    Tasks: 3 (limit: 203056)
   Memory: 8.2M
   CGroup: /system.slice/postfix.service
           |-4075763 /usr/libexec/postfix/master -w
           |-4075764 pickup -l -t unix -u
           `-4075765 qmgr -l -t unix -u

Jan 12 22:32:43 mail.example.jp systemd[1]: Starting Postfix Mail Transport Agent...
Jan 12 22:32:43 mail.example.jp restorecon[4075683]: /usr/sbin/restorecon: lstat(/var/spool/postfix/pid/master.pid) failed: No such file or>
Jan 12 22:32:44 mail.example.jp postfix/master[4075763]: daemon started -- version 3.5.8, configuration /etc/postfix
Jan 12 22:32:44 mail.example.jp systemd[1]: Started Postfix Mail Transport Agent.
[shinichi@kasumi postfix]$

Send and receive a test message. The following headers are added:

  • ARC-Seal
  • ARC-Message-Signature
  • ARC-Authentication-Results

In addition, the Authentication-Results header carries the ARC validation result as arc=.
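
A structural check for the result described above, as an added example that is not from the original page or from OpenARC: it unfolds a message's headers, confirms that every ARC instance i=1..N carries all three headers, and reports the newest ARC-Seal cv= value and the arc= result. It does not verify signatures; arc_summary, sample_message and the sample message (two hops, placeholder signature values) are constructed for this example.

```sh
# Added example: structural check of ARC header sets; signatures are not verified.
arc_summary() {
    awk '
    # Value of tag k in a "k=v; k=v" header body, or "" when absent.
    function tag(s, k,   p, v) {
        s = ";" s; gsub(/;[ \t]+/, ";", s)
        p = index(s, ";" k "="); if (!p) return ""
        v = substr(s, p + length(k) + 2); sub(/[; \t(].*/, "", v)
        return v
    }
    # Record one complete (unfolded) header held in hdr.
    function flush(   name, val, i) {
        if (hdr == "") return
        name = tolower(substr(hdr, 1, index(hdr, ":") - 1))
        val = substr(hdr, index(hdr, ":") + 1); hdr = ""
        if (name ~ /^arc-(seal|message-signature|authentication-results)$/) {
            i = tag(val, "i") + 0; seen[name, i]++; total++
            if (i > max) max = i
            if (name == "arc-seal") cv[i] = tag(val, "cv")
        } else if (name == "authentication-results" && arc == "")
            arc = tag(val, "arc")
    }
    { sub(/\r$/, "") }
    /^$/ { exit }                        # blank line ends the header block
    /^[ \t]/ { hdr = hdr " " $0; next }  # folded continuation line
    { flush(); hdr = $0 }
    END {
        flush(); ok = (max > 0 && total == 3 * max)
        for (i = 1; i <= max; i++)       # every instance needs all three headers
            if (seen["arc-seal", i] != 1 || seen["arc-message-signature", i] != 1 ||
                seen["arc-authentication-results", i] != 1) ok = 0
        printf "sets=%d complete=%s cv=%s arc=%s\n", max, (ok ? "yes" : "no"),
               ((max in cv) ? cv[max] : "-"), (arc == "" ? "-" : arc)
        exit !ok
    }'
}
sample_message() {   # constructed two-hop message; b=/bh= values are placeholders
    cat <<'EOF'
ARC-Seal: i=2; a=rsa-sha256; d=example.jp; s=20231210; t=1705066500;
    cv=pass; b=PLACEHOLDER
ARC-Message-Signature: i=2; a=rsa-sha256; d=example.jp; s=20231210; bh=PLACEHOLDER; b=PLACEHOLDER
ARC-Authentication-Results: i=2; mail.example.jp; arc=pass
Authentication-Results: mail.example.jp; arc=pass smtp.remote-ip=192.0.2.10
ARC-Seal: i=1; a=rsa-sha256; d=example.net; s=sel1; t=1705066400; cv=none; b=PLACEHOLDER
ARC-Message-Signature: i=1; a=rsa-sha256; d=example.net; s=sel1; bh=PLACEHOLDER; b=PLACEHOLDER
ARC-Authentication-Results: i=1; lists.example.net; dkim=pass header.d=example.org
EOF
}
sample_message | arc_summary
```

For a saved message, run arc_summary < message.eml; a non-zero exit status means the ARC headers are absent or an instance is missing one of its three headers.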