David Favor wrote:
> I'm currently running qpsmtpd-async.
> I host many domains and I'd like to protect them all
> against backscatter using something like this:
> http://psg.com/~brian/software/authbounce/configure-authbounce.txt
> to add a bounce key to each outgoing message of the form:
> X-bounce-key: $mx-$number;$sender;$timestamp;$key
> This requires all mail sent by every user to go through
> qpsmtpd + exim on my local machine.
> This appears to require I set up another instance of qpsmtpd which
> will allow people to connect to the port via SSL, then somehow
> authenticate their connection once, then each time they send email
> their outgoing email will enter qpsmtpd. If the message is to be
> delivered locally, then it is. If the message is external, it will
> be queued to exim for delivery immediately or next queue run.

I don't see why they have to authenticate to anyone, nor that their
outbound email necessarily has to go anywhere near qpsmtpd. There is no
requirement that an outbound user or message has to "register" with the
inbound checker.

You have your outbounds (perhaps "bare" exim) sign the email, you have
your inbound qpsmtpd instances crypto-validate the signature hash and
compare the email-address field with the RCPT TO.

At most, you'd check that the e-mail address field in X-Bounce-key is
the same as RCPT-TO. No need to "register". The only reason you bother
is to prevent replay attacks against other users. Backscatter ain't
that smart ;-)

The qpsmtpd validation checker should be a pretty simple data hook
function. No persistent data required, except for the secret key
configuration.

If we were to do that here, we'd have our outbound sendmails insert the
headers, and qpsmtpds (injecting into different sendmail servers) check
them. No interaction between in and out required (except keeping keys
in sync).
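
Added example, not part of the original thread and not authbounce's or qpsmtpd's own code: a stateless sign/verify pair for the `$mx-$number;$sender;$timestamp;$key` header form quoted above, with the RCPT TO comparison the reply describes. The HMAC-SHA256 construction, the 7-day lifetime, the function names and the secret are assumptions; pulling the header out of a returned bounce is left to the caller.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: same value on outbound and inbound hosts
MAX_AGE = 7 * 24 * 3600              # assumption: keys older than 7 days are refused


def _mac(mx_id: str, sender: str, ts: str, secret: bytes) -> str:
    # The MAC covers every other field, so none can be edited without the secret.
    msg = ";".join((mx_id, sender.lower(), ts)).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign(mx_id: str, sender: str, now: int, secret: bytes = SECRET) -> str:
    """Outbound side: build the X-bounce-key header value."""
    ts = str(now)
    return ";".join((mx_id, sender, ts, _mac(mx_id, sender, ts, secret)))


def check(header: str, rcpt_to: str, now: int, secret: bytes = SECRET) -> str:
    """Inbound side: return 'ok' or the reason the bounce is refused."""
    try:
        mx_id, rest = header.strip().split(";", 1)
        sender, ts, key = rest.rsplit(";", 2)
    except ValueError:
        return "malformed"
    expected = _mac(mx_id, sender, ts, secret)
    if not hmac.compare_digest(key.encode("utf-8", "replace"), expected.encode()):
        return "bad-signature"
    if not (ts.isascii() and ts.isdigit()) or not 0 <= now - int(ts) <= MAX_AGE:
        return "expired"
    # A valid key issued to one user must not be replayable against another.
    if sender.lower() != rcpt_to.lower():
        return "recipient-mismatch"
    return "ok"


if __name__ == "__main__":
    sent_at = 1_700_000_000  # constructed timestamp
    hdr = sign("mx1-42", "alice@example.org", sent_at)  # constructed values
    print("X-bounce-key:", hdr)
    print(check(hdr, "alice@example.org", sent_at + 3600))
    print(check(hdr, "bob@example.org", sent_at + 3600))
```

The only shared state is the secret, which matches the point made in the reply: nothing per-message or per-user has to be stored on the inbound side.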