On Wed, 9 Feb 2005, [UTF-8] Sebastian Jäschke wrote: > I'm really new to mimedefang and wonder if the following is possible:
> We need sendmail to sign every email from a specific sender (authed > by SMTP auth) with a default PGP key. This emails contains always > text and a pdf attachment. That's a really bad idea. You've now lowered the security of the signature to the security of SMTP AUTH, and I'm willing to bet that the person's password for SMTP AUTH is a lot weaker than his/her PGP passphrase. Also, this means you need some mechanism for unattended signing, which means if the Sendmail machine is ever compromised, an attacker can sign arbitrary files. Regards, David. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
