hi all,
i've a class of users whom i've 'otherwise' verified that i'd like to have
access to delivery to an Exim server, ultimately to a particular/specified
user's mailbox.
i've their email addresses, but do not wish to provide them authenticated
access to the server.
one option i've considered for some access control is to gather their verified
GPG sigs, and -- somehow -- use them as a condition ...
e.g.
if senderA is in listA
and, if recipient IS userB
and, the message is GPG signed(encrypted?)
and, the GPG key for senderA is verified/checked (against key server?
against a local listC?)
but, frankly, haven't a clue yet as to how this would be done in Exim.
is this the domain of local_scan()? filters? ${run ...?
LOTS of hits googling on 'exim gpg', but it's mostly (so far) the scads of
gpg-keys that sign our messages ...
thoughts?
richard
