Re: [Exim] help with configuration

Top Page
Delete this message
Reply to this message
Author: Wakko Warner
Date:  
To: Nico Erfurth
CC: gul, exim-users
Subject: Re: [Exim] help with configuration
> AFAIK you can't, but I've just got an nice idea ....
>
> Basicly, use the dnsdb-lookup, and add a special TXT record to your
> zonefiles, maybe something like this
>
> example.com     TXT SECRET_TEXT

>
> where SECRET_TEXT is the result of
>
> echo -n "YourSecretPassword|example.com" | md5sum
>
> with some lookup like this, you should be able to verify that the domain
> is managed by your server.
>
> ${if eq {${lookup dnsdb {$domain}{$value}{}}} \
>          {$md5:YourSecretPassword|$domain} {1}{0}}


Wouldn't hmac be better suited for this?

Instead of the echo above, for hmac, you can issue
exim -be '${hmac{md5}{secretpass}{example.com}}'

and checking it is obviously similar.

> This will lookup the md5sum from the domain's TXT-record, and compare it
> to the md5sum generated by your password and the domain-name, you can
> use this in any condition-statement, where $domain is set.
> By using the md5sum and a secret password, the whole thing should be
> secure against any kind of abuse.
>
> Well, maybe there are better ways, but this should work ;)


Interesting idea.

Wanna know how I did the several domains we have where I work? Once I tell
the primary about the domain, the secondary is instantly a relay for it.

--
Lab tests show that use of micro$oft causes cancer in lab animals