Re: [exim] accepting email authenthicating on GPG/PGP signat…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Leonardo Boselli
Fecha:  
A: exim-users
Asunto: Re: [exim] accepting email authenthicating on GPG/PGP signature
On Mon, 3 Mar 2014, Phil Pennock wrote:
> On 2014-03-03 at 17:58 +0100, Leonardo Boselli wrote:
>> Is possible to authenthicate the acceptance of e-email based on the GPG
>> signature, that is every message has a GPG signature, if the message
>> is signed by someone that is in the public keyring of MTA, and the
>> gignature is verifiesm, it is accepted, else is refused ?
> Yes. Not common, definitely for an unusual use-case, but Exim can do
> this.


Maybe unusual, but people sending e/mail could have to do from places
where the choice of the smtp server is restricted, so cannot affort a
a normal authenthication, outside payload ...

> Write a simple script which can handle the verification, and invoke it
> via ${run...} in the ACL hooked up to the DATA command, to be run after
> "CRLF.CRLF" is received and before the response is sent.


> If the volume of such mails is high enough, use a separate daemon to
> handle the verification and use ${readsocket} to communicate with it.


What is "high enough" ? expected traffic is about 3000 messages per day.
maybe 300 in the peak hour.
Have you know about some experiences ?

> Be aware that PGP verification is a fairly heavyweight operation and
> you'll want to do everything you can to filter out obvious gunk so that
> it doesn't get this far through your ACL checks, or you'll end up CPU
> DoSing your mail-server.
>
> -Phil
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


--
Leonardo Boselli