On 30 Sep 2005 at 13:07, OpenMacNews wrote about
"[exim] verified/authorized GPG sign":
| i've a class of users whom i've 'otherwise' verified that i'd like to have
| access to delivery to an Exim server, ultimately to a particular/specified
| user's mailbox.
|
| i've their email addresses, but do not wish to provide them authenticated
| access to the server.
Why not? That seems the simplest way by far to make sure they are
who they say they are. Giving them AUTH credentials doesn't have to
mean giving them relay or other privileges.
| if senderA is in listA
| and, if recipient IS userB
| and, the message is GPG signed(encrypted?)
| and, the GPG key for senderA is verified/checked (against key server?
| against a local listC?)
Assuming you have server_set_id in your authenticators, you can have
(continuing the pseudo-code):
deny if $authenticated_id is in listA and if recipient is NOT userB
in your RCPT TO: ACL to prevent these users from mailing anyone else.
That may be sufficient to prevent these users from doing anything
else authenticated users are normally allowed to do. But if it's
not, then where ever you currently have an "is authenticated" test,
change it to "is authenticated and $authenticated_id is NOT in
listA".
- Fred
