From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed, 25 Apr 2018 21:30:31 +0000 (+0100)
Subject: ARC: add $arc_oldest_pass variable, for verify
X-Git-Tag: exim-4.92-RC1~194
X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=ea7b1f162ff084a655dc0a5de87038b542f721f5;hp=08bd2689bdeceb41f161a7d54fc1af4abcbbb8c1

ARC: add $arc_oldest_pass variable, for verify
---

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3e19066a9..b2d4314b2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -18,6 +18,10 @@ JH/03 Bug 2269: When presented with a received message having a stupidly large
       number of DKIM-Signature headers, disable DKIM verification to avoid
       a resource-consumption attack.  The limit is set at twenty.
 
+JH/04 Add variables $arc_domains, $arc_oldest_pass for ARC verify.  Fix the
+      report of oldest_pass in ${authres } in consequence, and separate out
+      some descriptions of reasons for verification fail.
+
 
 Exim version 4.91
 -----------------
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 481af1a9b..ac3f1cc23 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -799,6 +799,7 @@ There are three new variables: $arc_state, $arc_state_reason, $arc_domains:
   $arc_state_reason	(if fail, why)
   $arc_domains		colon-sep list of ARC chain domains, in chain order.
 			problematic elements may have empty list elements
+  $arc_oldest_pass	lowest passing instance number of chain
 
 Receive log lines for an ARC pass will be tagged "ARC".
 
diff --git a/src/src/arc.c b/src/src/arc.c
index 9d8f7d5db..7374ba405 100644
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -770,22 +770,25 @@ arc_set * as;
 int inst;
 BOOL ams_fail_found = FALSE;
 
-if (!(as = ctx->arcset_chain))
+if (!(as = ctx->arcset_chain_last))
   return US"none";
 
-for(inst = 0; as; as = as->next)
+for(inst = as->instance; as; as = as->prev, inst--)
   {
-  if (  as->instance != ++inst
-     || !as->hdr_aar || !as->hdr_ams || !as->hdr_as
-     || arc_cv_match(as->hdr_as, US"fail")
-     )
-    {
-    arc_state_reason = string_sprintf("i=%d"
-      " (cv, sequence or missing header)", as->instance);
-    DEBUG(D_acl) debug_printf("ARC chain fail at %s\n", arc_state_reason);
-    return US"fail";
-    }
+  if (as->instance != inst)
+    arc_state_reason = string_sprintf("i=%d (sequence; expected %d)",
+      as->instance, inst);
+  else if (!as->hdr_aar || !as->hdr_ams || !as->hdr_as)
+    arc_state_reason = string_sprintf("i=%d (missing header)", as->instance);
+  else if (arc_cv_match(as->hdr_as, US"fail"))
+    arc_state_reason = string_sprintf("i=%d (cv)", as->instance);
+  else
+    goto good;
 
+  DEBUG(D_acl) debug_printf("ARC chain fail at %s\n", arc_state_reason);
+  return US"fail";
+
+  good:
   /* Evaluate the oldest-pass AMS validation while we're here.
   It does not affect the AS chain validation but is reported as
   auxilary info. */
@@ -797,9 +800,15 @@ for(inst = 0; as; as = as->next)
       arc_oldest_pass = inst;
   arc_state_reason = NULL;
   }
+if (inst != 0)
+  {
+  arc_state_reason = string_sprintf("(sequence; expected i=%d)", inst);
+  DEBUG(D_acl) debug_printf("ARC chain fail %s\n", arc_state_reason);
+  return US"fail";
+  }
 
 arc_received = ctx->arcset_chain_last;
-arc_received_instance = inst;
+arc_received_instance = arc_received->instance;
 
 /* We can skip the latest-AMS validation, if we already did it. */
 
diff --git a/src/src/expand.c b/src/src/expand.c
index 42a5a5d5a..d9ce07e46 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -463,6 +463,7 @@ static var_entry var_table[] = {
   { "address_pipe",        vtype_stringptr,   &address_pipe },
 #ifdef EXPERIMENTAL_ARC
   { "arc_domains",         vtype_string_func, &fn_arc_domains },
+  { "arc_oldest_pass",     vtype_int,         &arc_oldest_pass },
   { "arc_state",           vtype_stringptr,   &arc_state },
   { "arc_state_reason",    vtype_stringptr,   &arc_state_reason },
 #endif
diff --git a/test/confs/4560 b/test/confs/4560
index 10ead1c51..3c31539f5 100644
--- a/test/confs/4560
+++ b/test/confs/4560
@@ -23,10 +23,11 @@ check_data:
   warn	!verify =	arc VALUE
 	INSERT
 
-  warn	logwrite =	arc_state: <$arc_state>
-	logwrite =	domains:   <$arc_domains>
+  warn	logwrite =	arc_state:      <$arc_state>
+	logwrite =	domains:        <$arc_domains>
+	logwrite =	arc_oldest_pass <$arc_oldest_pass>
 	condition =	${if def:arc_state_reason}
-	logwrite =	reason:    <$arc_state_reason>
+	logwrite =	reason:         <$arc_state_reason>
 
 .ifdef OPTION
   accept
diff --git a/test/confs/4562 b/test/confs/4562
index bc7415ca6..4360554b8 100644
--- a/test/confs/4562
+++ b/test/confs/4562
@@ -23,10 +23,11 @@ check_data:
   warn	!verify =	arc VALUE
 	INSERT
 
-  warn	logwrite =	arc_state: <$arc_state>
+  warn	logwrite =	arc_state:      <$arc_state>
+	logwrite =	arc_oldest_pass <$arc_oldest_pass>
+	logwrite =	domains:        <$arc_domains>
 	condition =	${if def:arc_state_reason}
-	logwrite =	reason:    <$arc_state_reason>
-	logwrite =	domains:   <$arc_domains>
+	logwrite =	reason:         <$arc_state_reason>
 
 .ifdef OPTION
   accept
diff --git a/test/log/4560 b/test/log/4560
index c94ef10e7..97677d4e3 100644
--- a/test/log/4560
+++ b/test/log/4560
@@ -1,19 +1,22 @@
 
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaX-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmaX-0005vi-00 domains:   <test.ex>
+1999-03-02 09:44:33 10HmaX-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmaX-0005vi-00 domains:        <test.ex>
+1999-03-02 09:44:33 10HmaX-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss ARC id=qwerty1234@disco-zombie.net for a@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
 1999-03-02 09:44:33 10HmaX-0005vi-00 => a <a@test.ex> R=d1 T=tfile
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
-1999-03-02 09:44:33 10HmaY-0005vi-00 arc_state: <none>
-1999-03-02 09:44:33 10HmaY-0005vi-00 domains:   <>
+1999-03-02 09:44:33 10HmaY-0005vi-00 arc_state:      <none>
+1999-03-02 09:44:33 10HmaY-0005vi-00 domains:        <>
+1999-03-02 09:44:33 10HmaY-0005vi-00 arc_oldest_pass <0>
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for za@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaZ-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmaZ-0005vi-00 domains:   <test.ex>
+1999-03-02 09:44:33 10HmaZ-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmaZ-0005vi-00 domains:        <test.ex>
+1999-03-02 09:44:33 10HmaZ-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for a@test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
@@ -22,19 +25,22 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 => a <a@test.ex> R=d1 T=tfile
 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
-1999-03-02 09:44:33 10HmbA-0005vi-00 arc_state: <none>
-1999-03-02 09:44:33 10HmbA-0005vi-00 domains:   <>
+1999-03-02 09:44:33 10HmbA-0005vi-00 arc_state:      <none>
+1999-03-02 09:44:33 10HmbA-0005vi-00 domains:        <>
+1999-03-02 09:44:33 10HmbA-0005vi-00 arc_oldest_pass <0>
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for zza@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbB-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbB-0005vi-00 domains:   <test.ex>
+1999-03-02 09:44:33 10HmbB-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbB-0005vi-00 domains:        <test.ex>
+1999-03-02 09:44:33 10HmbB-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for za@test.ex
 1999-03-02 09:44:33 10HmbA-0005vi-00 => za@test.ex <zza@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbC-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbC-0005vi-00 domains:   <test.ex:test.ex>
+1999-03-02 09:44:33 10HmbC-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbC-0005vi-00 domains:        <test.ex:test.ex>
+1999-03-02 09:44:33 10HmbC-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for a@test.ex
 1999-03-02 09:44:33 10HmbB-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbC-0005vi-00"
 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
@@ -43,26 +49,30 @@
 1999-03-02 09:44:33 10HmbC-0005vi-00 => a <a@test.ex> R=d1 T=tfile
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
-1999-03-02 09:44:33 10HmbD-0005vi-00 arc_state: <none>
-1999-03-02 09:44:33 10HmbD-0005vi-00 domains:   <>
+1999-03-02 09:44:33 10HmbD-0005vi-00 arc_state:      <none>
+1999-03-02 09:44:33 10HmbD-0005vi-00 domains:        <>
+1999-03-02 09:44:33 10HmbD-0005vi-00 arc_oldest_pass <0>
 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for zmza@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbE-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbE-0005vi-00 domains:   <test.ex>
+1999-03-02 09:44:33 10HmbE-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbE-0005vi-00 domains:        <test.ex>
+1999-03-02 09:44:33 10HmbE-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for mza@test.ex
 1999-03-02 09:44:33 10HmbD-0005vi-00 => mza@test.ex <zmza@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbE-0005vi-00"
 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbF-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbF-0005vi-00 domains:   <test.ex:test.ex>
+1999-03-02 09:44:33 10HmbF-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbF-0005vi-00 domains:        <test.ex:test.ex>
+1999-03-02 09:44:33 10HmbF-0005vi-00 arc_oldest_pass <2>
 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for za@test.ex
 1999-03-02 09:44:33 10HmbE-0005vi-00 => za@test.ex <mza@test.ex> R=mlist T=tmlist H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbF-0005vi-00"
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbG-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbG-0005vi-00 domains:   <test.ex:test.ex:test.ex>
+1999-03-02 09:44:33 10HmbG-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbG-0005vi-00 domains:        <test.ex:test.ex:test.ex>
+1999-03-02 09:44:33 10HmbG-0005vi-00 arc_oldest_pass <2>
 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for a@test.ex
 1999-03-02 09:44:33 10HmbF-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbG-0005vi-00"
 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
@@ -71,35 +81,40 @@
 1999-03-02 09:44:33 10HmbG-0005vi-00 => a <a@test.ex> R=d1 T=tfile
 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
-1999-03-02 09:44:33 10HmbH-0005vi-00 arc_state: <none>
-1999-03-02 09:44:33 10HmbH-0005vi-00 domains:   <>
+1999-03-02 09:44:33 10HmbH-0005vi-00 arc_state:      <none>
+1999-03-02 09:44:33 10HmbH-0005vi-00 domains:        <>
+1999-03-02 09:44:33 10HmbH-0005vi-00 arc_oldest_pass <0>
 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for zzmza@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbI-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbI-0005vi-00 domains:   <test.ex>
+1999-03-02 09:44:33 10HmbI-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbI-0005vi-00 domains:        <test.ex>
+1999-03-02 09:44:33 10HmbI-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for zmza@test.ex
 1999-03-02 09:44:33 10HmbH-0005vi-00 => zmza@test.ex <zzmza@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbI-0005vi-00"
 1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbJ-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbJ-0005vi-00 domains:   <test.ex:test.ex>
+1999-03-02 09:44:33 10HmbJ-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbJ-0005vi-00 domains:        <test.ex:test.ex>
+1999-03-02 09:44:33 10HmbJ-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for mza@test.ex
 1999-03-02 09:44:33 10HmbI-0005vi-00 => mza@test.ex <zmza@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbJ-0005vi-00"
 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbK-0005vi-00 arc_state: <fail>
-1999-03-02 09:44:33 10HmbK-0005vi-00 domains:   <test.ex:test.ex>
-1999-03-02 09:44:33 10HmbK-0005vi-00 reason:    <AMS body hash miscompare>
+1999-03-02 09:44:33 10HmbK-0005vi-00 arc_state:      <fail>
+1999-03-02 09:44:33 10HmbK-0005vi-00 domains:        <test.ex:test.ex>
+1999-03-02 09:44:33 10HmbK-0005vi-00 arc_oldest_pass <0>
+1999-03-02 09:44:33 10HmbK-0005vi-00 reason:         <AMS body hash miscompare>
 1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss for za@test.ex
 1999-03-02 09:44:33 10HmbJ-0005vi-00 => za@test.ex <mza@test.ex> R=mlist T=tmlist H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbK-0005vi-00"
 1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbL-0005vi-00 arc_state: <fail>
-1999-03-02 09:44:33 10HmbL-0005vi-00 domains:   <test.ex:test.ex:test.ex>
-1999-03-02 09:44:33 10HmbL-0005vi-00 reason:    <i=3 (cv, sequence or missing header)>
+1999-03-02 09:44:33 10HmbL-0005vi-00 arc_state:      <fail>
+1999-03-02 09:44:33 10HmbL-0005vi-00 domains:        <test.ex:test.ex:test.ex>
+1999-03-02 09:44:33 10HmbL-0005vi-00 arc_oldest_pass <0>
+1999-03-02 09:44:33 10HmbL-0005vi-00 reason:         <i=3 (cv)>
 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss for a@test.ex
 1999-03-02 09:44:33 10HmbK-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbL-0005vi-00"
 1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
@@ -108,19 +123,22 @@
 1999-03-02 09:44:33 10HmbL-0005vi-00 => a <a@test.ex> R=d1 T=tfile
 1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
-1999-03-02 09:44:33 10HmbM-0005vi-00 arc_state: <none>
-1999-03-02 09:44:33 10HmbM-0005vi-00 domains:   <>
+1999-03-02 09:44:33 10HmbM-0005vi-00 arc_state:      <none>
+1999-03-02 09:44:33 10HmbM-0005vi-00 domains:        <>
+1999-03-02 09:44:33 10HmbM-0005vi-00 arc_oldest_pass <0>
 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for zza@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbN-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbN-0005vi-00 domains:   <test.ex>
+1999-03-02 09:44:33 10HmbN-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbN-0005vi-00 domains:        <test.ex>
+1999-03-02 09:44:33 10HmbN-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for za@test.ex
 1999-03-02 09:44:33 10HmbM-0005vi-00 => za@test.ex <zza@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbN-0005vi-00"
 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbO-0005vi-00 arc_state: <pass>
-1999-03-02 09:44:33 10HmbO-0005vi-00 domains:   <test.ex>
+1999-03-02 09:44:33 10HmbO-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmbO-0005vi-00 domains:        <test.ex>
+1999-03-02 09:44:33 10HmbO-0005vi-00 arc_oldest_pass <1>
 1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss ARC for a@test.ex
 1999-03-02 09:44:33 10HmbN-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbO-0005vi-00"
 1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
@@ -131,16 +149,18 @@
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 10HmbP-0005vi-00 DKIM: d=dmarc.org s=clochette c=simple/simple a=rsa-sha256 b=1024 t=1517535263 [verification succeeded]
 1999-03-02 09:44:33 10HmbP-0005vi-00 DKIM: d=convivian.com s=default c=simple/simple a=rsa-sha256 b=1024 t=1517535248 [verification failed - body hash mismatch (body probably modified in transit)]
-1999-03-02 09:44:33 10HmbP-0005vi-00 arc_state: <fail>
-1999-03-02 09:44:33 10HmbP-0005vi-00 domains:   <convivian.com>
-1999-03-02 09:44:33 10HmbP-0005vi-00 reason:    <AMS body hash miscompare>
+1999-03-02 09:44:33 10HmbP-0005vi-00 arc_state:      <fail>
+1999-03-02 09:44:33 10HmbP-0005vi-00 domains:        <convivian.com>
+1999-03-02 09:44:33 10HmbP-0005vi-00 arc_oldest_pass <0>
+1999-03-02 09:44:33 10HmbP-0005vi-00 reason:         <AMS body hash miscompare>
 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=dmarc.org id=1426665656.110316.1517535248039.JavaMail.zimbra@convivian.com for za@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
 1999-03-02 09:44:33 10HmbQ-0005vi-00 DKIM: d=dmarc.org s=clochette c=simple/simple a=rsa-sha256 b=1024 t=1517535263 [verification succeeded]
 1999-03-02 09:44:33 10HmbQ-0005vi-00 DKIM: d=convivian.com s=default c=simple/simple a=rsa-sha256 b=1024 t=1517535248 [verification failed - body hash mismatch (body probably modified in transit)]
-1999-03-02 09:44:33 10HmbQ-0005vi-00 arc_state: <fail>
-1999-03-02 09:44:33 10HmbQ-0005vi-00 domains:   <convivian.com:test.ex>
-1999-03-02 09:44:33 10HmbQ-0005vi-00 reason:    <i=2 (cv, sequence or missing header)>
+1999-03-02 09:44:33 10HmbQ-0005vi-00 arc_state:      <fail>
+1999-03-02 09:44:33 10HmbQ-0005vi-00 domains:        <convivian.com:test.ex>
+1999-03-02 09:44:33 10HmbQ-0005vi-00 arc_oldest_pass <0>
+1999-03-02 09:44:33 10HmbQ-0005vi-00 reason:         <i=2 (cv)>
 1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss DKIM=dmarc.org id=1426665656.110316.1517535248039.JavaMail.zimbra@convivian.com for a@test.ex
 1999-03-02 09:44:33 10HmbP-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbQ-0005vi-00"
 1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
@@ -151,6 +171,7 @@
 1999-03-02 09:44:33 End queue run: pid=pppp
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 10HmbR-0005vi-00 H=(xxx) [127.0.0.1] Warning: ARC-FAIL
-1999-03-02 09:44:33 10HmbR-0005vi-00 arc_state: <none>
-1999-03-02 09:44:33 10HmbR-0005vi-00 domains:   <>
+1999-03-02 09:44:33 10HmbR-0005vi-00 arc_state:      <none>
+1999-03-02 09:44:33 10HmbR-0005vi-00 domains:        <>
+1999-03-02 09:44:33 10HmbR-0005vi-00 arc_oldest_pass <0>
 1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for a@test.ex
diff --git a/test/log/4561 b/test/log/4561
index 59c644f30..3770b2d35 100644
--- a/test/log/4561
+++ b/test/log/4561
@@ -1,9 +1,10 @@
 
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaX-0005vi-00 arc_state: <fail>
-1999-03-02 09:44:33 10HmaX-0005vi-00 domains:   <::test.ex>
-1999-03-02 09:44:33 10HmaX-0005vi-00 reason:    <i=2 (cv, sequence or missing header)>
+1999-03-02 09:44:33 10HmaX-0005vi-00 arc_state:      <fail>
+1999-03-02 09:44:33 10HmaX-0005vi-00 domains:        <::test.ex>
+1999-03-02 09:44:33 10HmaX-0005vi-00 arc_oldest_pass <0>
+1999-03-02 09:44:33 10HmaX-0005vi-00 reason:         <(sequence; expected i=1)>
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=3885245d-3bae-66a2-7a1e-0dbceae2fb50@test.ex for a@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
 1999-03-02 09:44:33 10HmaX-0005vi-00 => a <a@test.ex> R=d1 T=tfile
diff --git a/test/log/4562 b/test/log/4562
index bfb1d9e46..2dfa9e459 100644
--- a/test/log/4562
+++ b/test/log/4562
@@ -2,12 +2,16 @@
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=example.com s=sel c=relaxed/relaxed a=rsa-sha256 b=2048 [verification failed - body hash mismatch (body probably modified in transit)]
-1999-03-02 09:44:33 10HmaX-0005vi-00 arc_state: <none>
+1999-03-02 09:44:33 10HmaX-0005vi-00 arc_state:      <none>
+1999-03-02 09:44:33 10HmaX-0005vi-00 arc_oldest_pass <0>
+1999-03-02 09:44:33 10HmaX-0005vi-00 domains:        <>
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net for za@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=example.com s=sel c=relaxed/relaxed a=rsa-sha256 b=2048 [verification failed - body hash mismatch (body probably modified in transit)]
-1999-03-02 09:44:33 10HmaY-0005vi-00 arc_state: <pass>
+1999-03-02 09:44:33 10HmaY-0005vi-00 arc_state:      <pass>
+1999-03-02 09:44:33 10HmaY-0005vi-00 arc_oldest_pass <1>
+1999-03-02 09:44:33 10HmaY-0005vi-00 domains:        <test.ex>
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss DKIM=test.ex ARC id=qwerty1234@disco-zombie.net for a@test.ex
 1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
diff --git a/test/mail/4560.a b/test/mail/4560.a
index dcc30dffb..63b432784 100644
--- a/test/mail/4560.a
+++ b/test/mail/4560.a
@@ -61,7 +61,7 @@ This is a test body.
 From CALLER@bloggs.com Tue Mar 02 09:44:33 1999
 Authentication-Results: test.ex;
 	iprev=pass (localhost) smtp.client-ip=127.0.0.1;
-	arc=pass (i=2) header.s=sel arc.oldest-pass=2 smtp.client-ip=127.0.0.1
+	arc=pass (i=2) header.s=sel arc.oldest-pass=1 smtp.client-ip=127.0.0.1
 Received: from localhost ([127.0.0.1] helo=test.ex)
 	by test.ex with esmtp (Exim x.yz)
 	(envelope-from <CALLER@bloggs.com>)
@@ -114,19 +114,19 @@ This is a test body.
 From CALLER@bloggs.com Tue Mar 02 09:44:33 1999
 Authentication-Results: test.ex;
 	iprev=pass (localhost) smtp.client-ip=127.0.0.1;
-	arc=pass (i=3) header.s=sel arc.oldest-pass=0 smtp.client-ip=127.0.0.1
+	arc=pass (i=3) header.s=sel arc.oldest-pass=2 smtp.client-ip=127.0.0.1
 Received: from localhost ([127.0.0.1] helo=test.ex)
 	by test.ex with esmtp (Exim x.yz)
 	(envelope-from <CALLER@bloggs.com>)
 	id 10HmbG-0005vi-00
 	for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
 ARC-Seal: i=3; cv=pass; a=rsa-sha256; d=test.ex; s=sel;
-	 b=toV+uStte4whonmLSQreJpbH4aVVPtd+7SRqSC37YAIQugpQMe3V3RL+ThxRfxQHvAeGn5K9sh
-	  pRpkAdOrY38izcXtYx9aJw/kkSjsRHQURUFeIb5hk5RiqiKnQSPP17k5b+50IYVL1K7wGxWFza
-	  4a1dn6ILHMTRyax7sxgeCrs=;
+	 b=e7M+4ujsfzQumNrl/4TxXorL9CZosw/g881Ds0GRE5adcIum+IP7QubcIOVCPvUBUqypYDiLRp
+	  MROYzmkSCE2GIWuzaQP/3K5qLPyScqHJvS7IfRhccWQt1TsG7HVsAnHZnLQqtRqOH7txQMtjpy
+	  vtwBO70hk9GxKl9D/+cJ41k=;
 ARC-Authentication-Results: i=3; test.ex;
 	iprev=pass (localhost) smtp.client-ip=127.0.0.1;
-	arc=pass (i=2) header.s=sel arc.oldest-pass=0 smtp.client-ip=127.0.0.1
+	arc=pass (i=2) header.s=sel arc.oldest-pass=2 smtp.client-ip=127.0.0.1
 ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed; d=test.ex; s=sel;
 	bh=31zA4VNQZ2yhHUh+7vWASIL9kKqo6pSym1QghgPyUkM=;
 	h=Subject;
@@ -135,7 +135,7 @@ ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed; d=test.ex; s=sel;
 	  Iv0EvpWIFn7dpelS30IKk78=;
 Authentication-Results: test.ex;
 	iprev=pass (localhost) smtp.client-ip=127.0.0.1;
-	arc=pass (i=2) header.s=sel arc.oldest-pass=0 smtp.client-ip=127.0.0.1
+	arc=pass (i=2) header.s=sel arc.oldest-pass=2 smtp.client-ip=127.0.0.1
 Received: from localhost ([127.0.0.1] helo=test.ex)
 	by test.ex with esmtp (Exim x.yz)
 	(envelope-from <CALLER@bloggs.com>)
@@ -192,7 +192,7 @@ This is a generic mailinglist footer
 From CALLER@bloggs.com Tue Mar 02 09:44:33 1999
 Authentication-Results: test.ex;
 	iprev=pass (localhost) smtp.client-ip=127.0.0.1;
-	arc=fail (i=3 (cv, sequence or missing header))
+	arc=fail (i=3 (cv))
 Received: from localhost ([127.0.0.1] helo=test.ex)
 	by test.ex with esmtp (Exim x.yz)
 	(envelope-from <CALLER@bloggs.com>)
@@ -221,7 +221,7 @@ Received: from localhost ([127.0.0.1] helo=test.ex)
 	for za@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
 Authentication-Results: test.ex;
 	iprev=pass (localhost) smtp.client-ip=127.0.0.1;
-	arc=pass (i=2) header.s=sel arc.oldest-pass=2 smtp.client-ip=127.0.0.1
+	arc=pass (i=2) header.s=sel arc.oldest-pass=1 smtp.client-ip=127.0.0.1
 Received: from localhost ([127.0.0.1] helo=test.ex)
 	by test.ex with esmtp (Exim x.yz)
 	(envelope-from <CALLER@bloggs.com>)
@@ -321,7 +321,7 @@ Authentication-Results: test.ex;
 	dkim=pass header.d=dmarc.org header.s=clochette header.a=rsa-sha256;
 	dkim=fail (body hash mismatch; body probably modified in transit)
 		 header.d=convivian.com header.s=default header.a=rsa-sha256;
-	arc=fail (i=2 (cv, sequence or missing header))
+	arc=fail (i=2 (cv))
 Received: from localhost ([127.0.0.1] helo=test.ex)
 	by test.ex with esmtp (Exim x.yz)
 	(envelope-from <CALLER@bloggs.com>)
diff --git a/test/mail/4561.a b/test/mail/4561.a
index 55f56734f..38b81af1e 100644
--- a/test/mail/4561.a
+++ b/test/mail/4561.a
@@ -1,6 +1,6 @@
 From CALLER@bloggs.com Tue Mar 02 09:44:33 1999
 Authentication-Results: test.ex;
-	arc=fail (i=2 (cv, sequence or missing header))
+	arc=fail ((sequence; expected i=1))
 Received: from [127.0.0.1] (helo=xxx)
 	by test.ex with smtp (Exim x.yz)
 	(envelope-from <CALLER@bloggs.com>)