On Mon, 2007-07-30 at 14:39 +0100, Mike Cardwell wrote: > Mike Cardwell wrote: > > > Is my understanding correct? If so, what is the amount of time until > > expiry? I can't see anywhere to configure this so I'm guessing I've > > either misunderstood how it works, or the value is hardcoded and > > unchangable? > > Ok. I dug through expand.c and found what looked like the right place. > Seems to be hardcoded to 7 days. I just skipped my system date forward 6 > days and 8 days respectively to test this, and it is confirmed.
That's where I found it too, and the same number I discovered. > I think this information belongs in the documentation somewhere? > > > Also, in the examples I've seen in the documentation and on the wiki > > there are different, "secrets", for each sender address. Is that > > necessary? I don't see the logic behind it... > > I'd still like an answer on this one if possible? I always thought that the example in the spec.txt was over-kill. Something that would be deployed on a server that allowed each user to individually enable BATV for their self, and select their own hash key. I just went with a single macro defined secret in my conf and enabled BATV for one entire domain. I suppose having the same one-way hash performed for all users could possible provide more information to someone wanting to forge your BATV return-path. But what would that gain them? The ability to send your users bounces? BATV is not externally verifiable so forging it does not allow someone to impersonate your server to anyone but your own server. That coupled with the time it would take to brute force the secret from the hash (even with multiple samples) really makes it seem pretty safe to use the same secret domain-wide. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
