Re: [Exim] identification of the server

Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [Exim] identification of the server
On 2000-08-19 at 19:26 +0100, Andre Grueneberg gifted us with:
> I need an Exim delivering mail to identify whether the server it sends
> the mail to is the correct host.


> Someone with a better idea? ;))


First director on the server; autoreply, with "condition" matching.
Have local_user = "ping", and the first couple of conditions some basic
client checks (such as IP); using ${if and {}{} {}{}} this
short-circuits the final, expensive, check which could potentially be a
DoS.

Perhaps using an external program, perhaps embedded perl (my preference,
because I can see how to do it), you have the final check be to check
the GPG/PGP signature on the message to make sure that it's you. If
these conditions all match, the reply will be generated. Use the 'text'
option for the reply, and again have it use embedded perl, to produce a
message which is GPG/PGP signed, _including_the_original_message_ - to
prevent replay attacks.

On the client side, use a queryprogram router (note caveats about system
load, etc). Have the program generate a random message, sign it, send
it, wait a given time for a reply, check that it's signed with the
server's key and if so, reply to Exim that everything is okay. The
sending of the message will probably need to use
"exim -C alternateconfig" in order to actually get the message out.

You end up with a hung Exim on the client for the duration of the check;
you probably want a caching mechanism with a timeout.

How's your perl? :^) Because theoretically, I think that this would
all work. In a sick and twisted way.
--
"We've got a patent on the conquering of a country through the use of force.
We believe in world peace through extortionate license fees." -Bluemeat
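
The exchange described in the message above, as an added example that is not part of the original post: the reply signature covers the client's random message, so a recorded reply fails against a new challenge, and a timed cache avoids repeating the check. HMAC with constructed keys stands in for the GPG/PGP signatures so the sketch runs offline; all function names, keys and the `pong:` prefix are hypothetical.

```python
import hashlib, hmac, os, time

# Constructed stand-in keys. The post uses GPG/PGP key pairs; HMAC is used
# here only so the example runs with the standard library.
CLIENT_KEY = b"constructed-client-key"
SERVER_KEY = b"constructed-server-key"

def sign(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key, data, sig):
    return hmac.compare_digest(sign(key, data), sig)

def make_challenge():
    """Client: random message plus the client's signature over it."""
    nonce = os.urandom(16)
    return nonce, sign(CLIENT_KEY, nonce)

def server_reply(nonce, client_sig, client_ip, allowed_ips):
    """Server: cheap checks first, the signature check last."""
    if client_ip not in allowed_ips:               # cheap, short-circuits
        return None
    if not verify(CLIENT_KEY, nonce, client_sig):  # expensive check
        return None
    body = b"pong:" + nonce    # reply includes the original message
    return body, sign(SERVER_KEY, body)

def client_accepts(nonce, reply):
    """Client: reply must be server-signed AND contain this exact nonce."""
    if reply is None:
        return False
    body, sig = reply
    return verify(SERVER_KEY, body, sig) and hmac.compare_digest(body, b"pong:" + nonce)

class VerifiedCache:
    """Remembers a verified host for ttl seconds (the caching with timeout)."""
    def __init__(self, ttl, clock=time.monotonic):
        self.ttl, self.clock, self._seen = ttl, clock, {}
    def is_fresh(self, host):
        t = self._seen.get(host)
        return t is not None and self.clock() - t < self.ttl
    def mark(self, host):
        self._seen[host] = self.clock()

def check_host(host, cache, transport):
    """transport(nonce, sig) delivers the challenge and returns the reply or None."""
    if cache.is_fresh(host):
        return True
    nonce, sig = make_challenge()
    ok = client_accepts(nonce, transport(nonce, sig))
    if ok:
        cache.mark(host)
    return ok
```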