openarc - Man Page

ARC signing and verifying filter for MTAs


openarc [-c configfile] [-f] [-n] [-p socketspec] [-P pidfile] [-u userid[:group]] [-v] [-V]


openarc implements the proposed ARC (Authenticated Received Chain) standard for confirming handling and authentication of a message as it is handled for delivery.

openarc uses the milter interface, originally distributed as part of version 8.11 of sendmail(8), to provide ARC signing and/or verifying service for mail transiting a milter-aware MTA.


-c configfile

Read the named configuration file.  See the openarc.conf(5) man page for details.  Values in the configuration file are overridden when their equivalents are provided on the command line until a configuration reload occurs.  The default is to read a configuration file from /etc/openarc.conf if one exists, or otherwise to apply defaults to all values.


Normally openarc forks and exits immediately, leaving the service running in the background. This flag suppresses that behaviour so that it runs in the foreground.


Parse the configuration file and command line arguments, reporting any errors found, and then exit.  The exit value will be 0 if the filter would start up without complaint, or non-zero otherwise.

-p socketspec

Specifies the socket that should be established by the filter to receive connections from sendmail(8) in order to provide service. socketspec is in one of two forms: local:path which creates a UNIX domain socket at the specified path, or inet:port[@host] or inet6:port[@host] which creates a TCP socket on the specified port using the requested protocol family.  If the host is not given as either a hostname or an IP address, the socket will be listening on all interfaces.  A literal IP address must be enclosed in square brackets.  If neither socket type is specified, local is assumed, meaning the parameter is interpreted as a path at which the socket should be created.  This parameter is mandatory either here or in the configuration file.

-P pidfile

Specifies a file into which the filter should write its process ID at startup.

-u userid[:group]

Attempts to be come the specified userid before starting operations.  The process will be assigned all of the groups and primary group ID of the named userid unless an alternate group is specified.  See the FILE PERMISSIONS section for more information.


Print the version number and build-time options, and then exit without doing anything else.

Exit Status

Filter exit status codes are selected according to sysexits(3).


This man page covers version 1.0.0 of openarc.

See Also

openarc.conf(5), sendmail(8)

Sendmail Operations Guide

RFC5321 - Simple Mail Transfer Protocol

RFC5322 - Internet Messages

RFC7601 - Message Header Field for Indicating Message Authentication Status

Referenced By


The Trusted Domain Project