On Mon, 2006-02-27 at 10:34 -0500, Chris Meadors wrote:
> Thanks to all who have helped. I have been correctly signing the
> envelope sender for seven days. Now I would like to start rejecting
> messages with bad or missing BATV signatures.
>
> I've seen a little discussion on the list and in the archives, but not
> enough of a full recipe for me to implement the rejections as I wish. I
> believe I need two separate ACL statements.
>
> First, at RCPT time I want to allow empty senders to unsigned addresses,
> as to not deny callouts. But I do want to deny old or invalid
> signatures. Actually if I could reject bad BATV signed addresses from
> any sender, not just empty, that would be even better.
For this I'm using in my acl_check_rcpt:
deny message = invalid or expired reverse path signature
senders = :
condition = ${prvscheck {$local_part@$domain}{BATVKEY}{1}}
!condition = $prvscheck_result
Which is pretty much strait from the spec.txt. And it does reject
expired or invalid signatures. But obviously only for messages from the
null sender. Can anyone think of a simple way to check all from all
senders for a signed recipient and reject if it is bad, but still allow
unsigned recipients to pass? This is so rewriting by prvscheck in the
redirect driver later on does not create an infinite number of aliases.
> Second, at DATA time I then want to deny any message from a null sender
> that does not have a BATV signed recipient.
Here is where I'm still really stumped. The messages heading out of
this server have their envelope sender signed. So now I want to reject
bounces to unsigned addresses.
I found in a post from Craig Whitmore in the thead, "Reject Straight
After Data Command".
acl_check_rcpt:
warn set acl_m6 = +localdomains
acl_check_data:
deny message = Invalid Bounce. This message did not come from here
log_message = Invalid Bounce
senders = :
condition = ${if eq {$acl_m6}{}{false}{true}}
But I don't understand what it is doing. Could someone attempt to
explain it to me?
Thanks,
Chris
