On 27 Oct 2010, at 13:11, [email protected] wrote: > Zitat von Mark Blackman <[email protected]>: > >> On 27 Oct 2010, at 13:02, Tomasz Chmielewski wrote: >> >>> Is it somehow possible to make Postfix add a digital signature to outgoing >>> emails? >>> >>> Most likely Postfix itself can't do it, but maybe there is some filter >>> (similar to amavis, or dkimproxy) which can be used with Postfix, which >>> lets digitally sign email (i.e. if From: is X1, sign with key K1)? >> >> That's a job for the MUA, not the MTA. There's no fraud-proof way for >> postfix to know who is sending the email. > > If username/password with TLS is enough there are fraud-proof ways do it > Postfix content-filter, if not be sure to use at least ID-cards class3 with > your MUA.
You're right, of course. I was overlooking that case and thinking of the more general internal unauthenticated relay case. I still suspect that's better done at the MUA level though, as the digital signature requires the use of a private key which should have a passphrase that only an interactive session can ask for. OTOH, you can imagine uses of digital signatures that are slightly less demanding than the case of an individual making legally-binding statements. - Mark
