Re: [exim] accepting email authenthicating on GPG/PGP signat…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Mike Cardwell
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] accepting email authenthicating on GPG/PGP signature
* on the Tue, Mar 04, 2014 at 01:52:05PM +0100, Heiko Schlittermann wrote:

>>> Is possible to authenthicate the acceptance of e-email based on the GPG
>>> signature, that is every message has a GPG signature, if the message
>>> is signed by someone that is in the public keyring of MTA, and the
>>> gignature is verifiesm, it is accepted, else is refused ?
>>
>> I did something similar in the past (contract work), but with S/MIME
>> rather than PGP, and it just added a header to the email if S/MIME
>> verification passed, rather than using it for authentication.
>>
>> I suspect it would be quite easy to write an embedded Perl script to do
>> this using Mail::GnuPG. In Exim in the DATA ACL you would check if
>> $message_body contains "-----BEGIN PGP SIGNATURE-----" and if it does,
>> feed $message_headers and $message_body into the script.
>
> $message_body contains the initial portion of the body only! Newlines
> are converted into spaces.
>
> There are some related options though, message_body_visible,
> message_body_newlines
>
> May be
>
>     message_body_visible = $message_body_size

>
> is tempting, but, as I understand the spec, this global option
> is not expanded and defaults to 500.


Yes, I didn't feel it necessary to go into that level of detail.

message_body_newlines = true
message_body_visible = whatever you set message_size_limit to.

I assume this needs to support both inline PGP *and* PGP/MIME.
Mail::GnuPG handles MIME parsing, decoding and both types of PGP
verification all in one.

-- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4