At 19:20 05/05/2000 +0100, you wrote:
>My requirements are :
> The service, once set up, should be as transparent as possible.
> The service is only needed to sign emails, not encrypt them.
> As this is a central mail relay, no users will be logged in.
> This is my main area of concern. I have to attempt to
> ensure that I can guarantee authenticity of a sender,
> prior to the signing process.
>
>Has anyone any thoughts?
You might like to take a look at TEA - Transparent Encryption Agent.
<
http://www.lemuria.org/Software/Tea/> It's very basic at the moment,
written in C, and just encrypts stuff. Look at the source for more info.
Or maybe take a look at "PGP Forwarding Server" - "...a server that
receives e-mail on behalf of a user, encrypt it automatically and sent it
off the users' real e-mail account." - <
http://pgpforwarder.sourceforge.net/>
I don't have any idea about how to guarantee the authenticity of the
sender; sorry (as a guess I would say that it's not humanly possible to
guarantee that they are who they are, but that's just after a quick bit of
thinking about it though).
Just to add a question of my own, here, to do with Exim & Procmail:- Would
it be possible to use Procmail in place of Exim's filtering (like the
mail_filter option) to filter the incoming (& possibly outgoing mail, too)
to & from an NT server? I'm thinking that Procmail would be better than
Exim with filtering, since that's what it's designed for (and
<
http://www.wolfenet.com/~jhardin/procmail-security.html> is nice - it can
rename all executable attachments).
Cheers & good luck with the PGP thing,
Kris (I just subscribed to exim-users today. Hello everyone :-) )
--
Kris Clarke | ab imo pectore
