Re: [Exim] Adding a header only if sender was authenticated?

Αρχική Σελίδα
Αυτό το μήνυμα είναι μέρος του ακόλουθου νήματος:
Mτο πλήρες δέντρο νημάτων ταξινομημένο κατά ημερομηνία
M\Nico Erfurth στο <-
MMj2 στο ->
Delete this message
Reply to this message
Συντάκτης: Hanasaki JiJi
Ημερομηνία:  
Υ/ο: exim-users@exim.org
Αντικείμενο: Re: [Exim] Adding a header only if sender was authenticated?
MD5 is symetric key. That is obscured but still forgeable. Asysmetric
key pairs are needed.

x.509 pub/private keys

Nico Erfurth wrote:
> On Sun, 26 Jan 2003, j2 wrote:
>
>
>>>In your MAIL ACL add
>>>
>>>warn message = X-Authenticated-As: $authenticated_id
>>>     authenticated = *

>>
>>Thanks. That was easy enough, but.. is there any way to de-spoof that? As in
>>i just relized that anyone could fake such a header in a mail, correct?
>
>
>
> You could use some md5-hashing to make it more secure.
>
> warn message = X-Authenticated-As: $authenticated_id \
>                (${md5:Secret$authenticated_id})
>      authenticated = *

>
> This will allow you to check the value later, if needed.
> or you add two headers, like
>
> warn message = X-Authenticated-As: $authenticated_id \n\
>                X-Authenticated-As-Hash: ${md5:Secret$authenticated_id}
>      authenticated = *

>
> this will make the check itself a bit easier.
>
> Nico
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>



Το μήνυμα αυτό δημοσιεύτηκε στις ακόλουθες λίστες:
Exim-users
Πληροφορίες για τις Ταχυδρομικές λίστες | Κοντινά μηνύματα		<-Re: [Exim] Adding a header only if sender was authenticated?Re: [Exim] Adding a header only if sender was authenticated?->
Tahini and Hummus and Cumin Development Archives διαχειριζόμενη από cumin AdminsLurker (έκδοση2.3)