Autor: Phil Pennock Data: A: Leonardo Boselli CC: exim-users Assumpte: Re: [exim] accepting email authenthicating on GPG/PGP signature
On 2014-03-03 at 17:58 +0100, Leonardo Boselli wrote: > Is possible to authenthicate the acceptance of e-email based on the GPG
> signature, that is every message has a GPG signature, if the message
> is signed by someone that is in the public keyring of MTA, and the
> gignature is verifiesm, it is accepted, else is refused ?
Yes. Not common, definitely for an unusual use-case, but Exim can do
this.
Write a simple script which can handle the verification, and invoke it
via ${run...} in the ACL hooked up to the DATA command, to be run after
"CRLF.CRLF" is received and before the response is sent.
If the volume of such mails is high enough, use a separate daemon to
handle the verification and use ${readsocket} to communicate with it.
Be aware that PGP verification is a fairly heavyweight operation and
you'll want to do everything you can to filter out obvious gunk so that
it doesn't get this far through your ACL checks, or you'll end up CPU
DoSing your mail-server.