[ On Monday, October 18, 2004 at 08:34:20 (+0200), Jan-Peter Koopmann wrote: ]
> Subject: RE: [exim] Is there and logical reason to reject mail from: <> ?
>
> why exactly is using
> "envelope sender signature" bogus?
Well, unless you're going to break a rather large number of important
assumptions inherent in the SMTP protocol it simply cannot be
implemented in any sane and effective and secure manner. Period.
Even if you are willing to break all those assumptions there's still the
"little issue" of the fact that the SMTP envelope sender address is not,
and is/was not intended to be, any form of authentication or
authorisation mechanism. It is simply, and _only_, the address to which
last-ditch delivery error reports must (within the SMTP realm) be sent
to.
I.e. you'd not only be breaking a bunch of assumptions inherent in the
protocol's fundamental design, but you'd also be assuming that this
value is something that it is not.
You'd be much better off just using PGP end-to-end -- it would be a lot
less work even though it would mean teaching all your correspondents to
use it. Then you can reject (at SMTP time) every message which doesn't
seem to have been PGP signed/encrypted, and you can simply delete every
message that still comes through with a bogus signature. Problem solved.
Of course if you want to re-invent and implement some centralized
message handling system that can have this level of control, and then
convince everyone to use it, be my guest! :-)
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
