Hello,
I'm merely trying to verify that a particular message has already been scanned by a trusted mailserver, so I can rely on the correctness of certain header information, e.g. Spam status and absence of scannable viruses.
My base is this: http://lists.roaringpenguin.com/pipermail/mimedefang/2003-February/013267.html and, of course, the man page.
So, I guess the security here is:
1) Because the key (a random value) is used by a particular host, I trust it.
2) The host would, if it sends me mail, either add such a header anew or overwrite an existing one; or remove the header altogether.
3) When spooling the message, the header is removed.
"The key should be kept confidential, but it's not disastrous if it leaks out." That's because an outsider cannot slipstream the correct header, because:
either the outsider cannot use the same IP as my trusted hosts or, if the mail gets relayed through one of the trusted ones, the key gets deleted or overwritten by the trusted host.
Did I understand it correctly?
A more "correct" (robust / secure) method would be to use certificates when communicating between trusted hosts, right?
Bye,
-- Steffen Kaiser

