1openarc.conf(5)               File Formats Manual              openarc.conf(5)
2
3
4

NAME

6       openarc.conf - Configuration file for openarc
7
8

LOCATION

10       /etc/openarc.conf
11
12

DESCRIPTION

14       openarc(8) implements the ARC (Authenticated Received Chain) specifica‐
15       tion for verifying authentication and handling of messages as they  are
16       routed to their destinations.  This file is its configuration file.
17
18       Blank  lines  are ignored.  Lines containing a hash ("#") character are
19       truncated at the hash character to allow for comments in the file.
20
21       Other content should be the name of  a  parameter,  followed  by  white
22       space,  followed  by  the  value  of that parameter, each on a separate
23       line.
24
25       For parameters that are Boolean in nature, only the first byte  of  the
26       value  is  processed.  For positive values, the following are accepted:
27       "T", "t", "Y", "y",  "1".   For  negative  values,  the  following  are
28       accepted: "F", "f", "N", "n", "0".
29
30       See the openarc(8) man page for details about how and when the configu‐
31       ration file contents are reloaded.
32
33       Unless otherwise stated, Boolean values  default  to  "false",  integer
34       values  default  to  0,  and string and dataset values default to being
35       undefined.
36
37

PARAMETERS

39       AutoRestart (Boolean)
40              Automatically re-start on failures.  Use with  caution;  if  the
41              filter  fails  instantly after it starts, this can cause a tight
42              fork(2) loop.
43
44
45       AutoRestartCount (integer)
46              Sets the maximum automatic restart count.  After this number  of
47              automatic  restarts,  the  filter will give up and terminate.  A
48              value of 0 implies no limit; this is the default.
49
50
51       AutoRestartRate (string)
52              Sets the maximum automatic restart rate.  If the  filter  begins
53              restarting  faster  than  the rate defined here, it will give up
54              and terminate.  This is a string of the form n/t[u] where  n  is
55              an  integer limiting the count of restarts in the given interval
56              and t[u] defines the time interval through  which  the  rate  is
57              calculated;  t is an integer and u defines the units thus repre‐
58              sented ("s" or "S" for seconds, the default; "m" or "M" for min‐
59              utes;  "h" or "H" for hours; "d" or "D" for days).  For example,
60              a value of "10/1h" limits the restarts to 10 in one hour.  There
61              is no default, meaning restart rate is not limited.
62
63
64       Background (Boolean)
65              Causes  openarc  to fork and exits immediately, leaving the ser‐
66              vice running in the background.  The default is "true".
67
68
69       Canonicalization (string)
70              Selects the canonicalization method(s) to be used  when  signing
71              messages.   When verifying, the message's ARC-Message-Signature:
72              header field specifies the canonicalization method.  The  recog‐
73              nized values are relaxed and simple as defined by the DKIM spec‐
74              ification.   The  default  is  relaxed/simple.   The  value  may
75              include  two  different  canonicalizations  separated by a slash
76              ("/") character, in which case the first will be applied to  the
77              header and the second to the body.
78
79
80       ChangeRootDirectory (string)
81              Requests  that  the  operating  system change the effective root
82              directory of the process to the  one  specified  here  prior  to
83              beginning  execution.   chroot(2)  requires  superuser access. A
84              warning will be generated if UserID is not also set.
85
86
87       EnableCoredumps (boolean)
88              On systems that have such support, make an explicit  request  to
89              the  kernel  to dump cores when the filter crashes for some rea‐
90              son.  Some  modern  UNIX  systems  suppress  core  dumps  during
91              crashes  for  security reasons if the user ID has changed during
92              the lifetime of the process.  Currently only supported on Linux.
93
94
95       Include (string)
96              Names a file to be opened and read as an  additional  configura‐
97              tion file.  Nesting is allowed to a maximum of five levels.
98
99
100       InternalHosts (dataset)
101              Identifies  a set of hosts that identifies clients whose connec‐
102              tions should be treated as "internal" by this filter.   Messages
103              received  from such sources will not be verified and are instead
104              trusted  as-is;  in  particular,  their   Authentication-Results
105              fields  are  trusted  to  be correct and authentic, meaning they
106              will be assumed to contain the correct chain status when  gener‐
107              ating an outgoing seal.  See the description of "PeerList" for a
108              description of the supported format.  If  no  set  is  provided,
109              "127.0.0.1" is added to the list by default.
110
111
112       MilterDebug (integer)
113              Sets  the  debug  level to be requested from the milter library.
114              The default is 0.
115
116
117       Mode (string)
118              Selects the operating mode(s) for this filter.   If  the  string
119              contains  the  character "s", the filter will sign and seal mes‐
120              sages passing through the filter.  If the  string  contains  the
121              character  "v", the filter will do signature and seal validation
122              of arriving messages.  The two can be combined.  If  neither  is
123              specified,  the operating mode will be inferred on a per-connec‐
124              tion basis based on the entries in the InternalHosts list;  con‐
125              nections  from  internal hosts will be assigned to signing mode,
126              and all others will be assigned to verify mode.
127
128
129       OversignHeaders (string)
130              Specifies a comma-separated list  of  header  field  names  that
131              should  be included in all signature header lists (the "h=" tag)
132              once more than the number of times they were actually present in
133              the  signed  message.  The set is empty by default.  The purpose
134              of this, and especially of listing an absent header field, is to
135              prevent  the addition of important fields between the signer and
136              the verifier.  Since the  verifier  would  include  that  header
137              field  when  performing  verification if it had been added by an
138              intermediary, the signed message and the verified  message  were
139              different  and the verification would fail.  Note that listing a
140              field name here and not listing it in the  SignHeaders  list  is
141              likely to generate invalid signatures.
142
143
144       PeerList (dataset)
145              Identifies  a  set of "peers" that identifies clients whose con‐
146              nections should be accepted without processing by  this  filter.
147              The  set  should  contain  on  each line a hostname, domain name
148              (e.g. ".example.com"), IP address, an IPv6 address (including an
149              IPv4  mapped  address),  or  a CIDR-style IP specification (e.g.
150              "192.168.1.0/24").  An entry beginning with a bang ("!") charac‐
151              ter  means "not", allowing exclusions of specific hosts that are
152              otherwise members of larger sets.  Host  and  domain  names  are
153              matched first, then the IP or IPv6 address depending on the con‐
154              nection type.  More precise entries are preferred over less pre‐
155              cise    ones,    i.e.     "192.168.1.1"    will   match   before
156              "!192.168.1.0/24".  The text form  of  IPv6  addresses  will  be
157              forced  to  lowercase when queried (RFC5952), so the contents of
158              this data set should also use lowercase.  The IP address portion
159              of  an  entry may optionally contain square brackets; both forms
160              (with and without) will be checked.
161
162
163       PidFile (string)
164              Specifies the path to a file that should be created  at  process
165              start containing the process ID.
166
167
168       SignatureAlgorithm (string)
169              Selects the signing algorithm to use when generating signatures.
170              Use 'openarc -V' to see the list of supported  algorithms.   The
171              default is rsa-sha256.
172
173
174       SignHeaders (string)
175              Specifies  the set of header fields that should be included when
176              generating signatures.  This is expected to be a comma-separated
177              list  of  header  field names, and matching is case-insensitive.
178              If the list omits any header field that is mandated by  the  ARC
179              specification,  those  fields are implicitly added.  By default,
180              those fields listed in the DKIM  specification  as  "SHOULD"  be
181              signed (RFC6376, Section 5.4) will be signed by the filter.
182
183
184       Socket (string)
185              Specifies the socket that should be established by the filter to
186              receive connections from sendmail(8) in order  to  provide  ser‐
187              vice.  socketspec is in one of two forms: local:path, which cre‐
188              ates  a  UNIX  domain  socket  at   the   specified   path,   or
189              inet:port[@host] or inet6:port[@host] which creates a TCP socket
190              on the specified port and in the specified protocol family.   If
191              the host is not given as either a hostname or an IP address, the
192              socket will be  listening  on  all  interfaces.   A  literal  IP
193              address  must  be  enclosed  in square brackets.  This option is
194              mandatory either in the configuration file  or  on  the  command
195              line.
196
197
198       Syslog (Boolean)
199              Log via calls to syslog(3) any interesting activity.
200
201
202       SyslogFacility (string)
203              Log via calls to syslog(3) using the named facility.  The facil‐
204              ity names are the same as the ones  allowed  in  syslog.conf(5).
205              The default is "mail".
206
207
208       UserID (string)
209              Attempts  to  become the specified userid before starting opera‐
210              tions.  The value is of the form  userid[:group].   The  process
211              will  be  assigned all of the groups and primary group ID of the
212              named userid unless an alternate group is specified.
213
214

NOTES

216       Features that involve specification of IPv4 addresses  or  CIDR  blocks
217       will  use  the  inet_addr(3) function to parse that information.  Users
218       should be familiar with the way that function handles  the  non-trivial
219       cases  (for  example,  "192.0.2/24" and "192.0.2.0/24" are not the same
220       thing).
221

FILES

223       /etc/openarc.conf
224              Default location of this file.
225

VERSION

227       This man page covers version 1.0.0 of openarc.
228
229
231       Copyright (c) 2007, 2008, Sendmail, Inc. and its suppliers.  All rights
232       reserved.
233
234       Copyright  (c)  2009-2017,  The  Trusted  Domain  Project.   All rights
235       reserved.
236

SEE ALSO

238       openarc(8), sendmail(8)
239
240       RFC5451 - Message Header Field for  Indicating  Message  Authentication
241       Status
242
243       RFC5617 - DKIM Author Domain Signing Practises
244
245       RFC5965 - An Extensible Format for Email Feedback Reports
246
247       RFC6008 - Authentication-Results Registration for Differentiating among
248       Cryptographic Results
249
250       RFC6376 - DomainKeys Identified Mail
251
252       RFC6651 - Extensions to DomainKeys Identified Mail (DKIM)  for  Failure
253       Reporting
254
255
256
257                          The Trusted Domain Project           openarc.conf(5)
Impressum