On Mon, 3 Mar 2014, Phil Pennock wrote:
On 2014-03-03 at 17:58 +0100, Leonardo Boselli wrote:
Is it possible to authenticate the acceptance of e-mail based on the GPG
signature, that is every message has a GPG signature, if the message
is signed by someone that is in the public keyring of the MTA, and the
signature is verified, it is accepted, else it is refused?
Yes.  Not common, definitely for an unusual use-case, but Exim can do
this.

Maybe unusual, but people sending e-mail could have to do so from places where the choice of the SMTP server is restricted, so cannot afford a normal authentication, outside payload ...

Write a simple script which can handle the verification, and invoke it
via ${run...} in the ACL hooked up to the DATA command, to be run after
"CRLF.CRLF" is received and before the response is sent.

If the volume of such mails is high enough, use a separate daemon to
handle the verification and use ${readsocket} to communicate with it.

What is "high enough"? Expected traffic is about 3000 messages per day, maybe 300 in the peak hour.
Do you know about some experiences?

Be aware that PGP verification is a fairly heavyweight operation and
you'll want to do everything you can to filter out obvious gunk so that
it doesn't get this far through your ACL checks, or you'll end up CPU
DoSing your mail-server.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


--
Leonardo Boselli
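
Added example, not part of the original thread: a sketch of the kind of verification script suggested above for use with ${run...}, exiting 0 only when gpg reports one valid signature from an allowed key. It assumes the signed data and the detached signature have already been written to files; the paths, the keyring location and the fingerprint in ALLOWED are constructed placeholders.

```python
import subprocess
import sys

# Constructed placeholder: primary-key fingerprints allowed to send mail.
ALLOWED = {"A" * 40}

# gpg status keywords that must always lead to refusal.
BAD = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def decide(status_text, allowed=ALLOWED):
    """Accept only if gpg reported exactly one valid signature whose
    primary-key fingerprint is in the allowed set; refuse anything else."""
    valid = []
    for line in status_text.splitlines():
        fields = line.split()
        # Only lines that begin with the status prefix are trusted.
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in BAD:
            return False
        if fields[1] == "VALIDSIG" and len(fields) > 2:
            # Field 11 is the primary-key fingerprint when gpg supplies it;
            # otherwise fall back to the signing-key fingerprint.
            fpr = fields[11] if len(fields) > 11 else fields[2]
            valid.append(fpr.upper())
    return len(valid) == 1 and valid[0] in allowed


def gpg_status(data_path, sig_path, keyring):
    """Run gpg on a detached signature and return its status-fd output."""
    proc = subprocess.run(
        ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring,
         "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
        timeout=10, text=True, errors="replace")
    return proc.stdout


def main(argv):
    try:
        ok = decide(gpg_status(argv[1], argv[2], argv[3]))
    except Exception:
        ok = False  # fail closed: timeout, missing gpg, bad arguments
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The decision is taken from the status lines rather than from gpg's exit code or its human-readable output, and the timeout bounds the CPU cost per message that the reply above warns about.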
