Carlos Lopez wrote:

> You all can also use http://www.infire.com/2.0/?l=en&d=0&t=perlfilter_dkim 
> I've been using it since last year and it worked nice.

I installed it today and I would not recommend it.

It simply looks at the From: header of the mail and compares it to
a list of domains in its configuration file. If the From: header
matches, it signs the mail.

In enablefiltering I only have transport options: esmtp, local,
uucp. Since I'm not sitting on the server, I need esmtp under all
circumstances.

So you see what happens if I'm not using SPF: you fake a mail from
me and send it from any server in Farawaystan to any user on any of
the domains that I host, the mail arrives by esmtp, perlfilter_dkim
gets invoked, checks the From: header and adds a valid signature to
the forgery that's just about to be delivered.

I won't go into what happens next, when the forgery, now with a valid
DKIM signature from a local domain, travels on through maildrop and
spamassassin on its way to the recipient's mailbox. A mechanism which
is meant to guarantee integrity but is willing to sign any forgery,
has defeated its own purpose.

zdkimfilter seems to have the right approach. It "checks whether the
message has been accepted with RELAYCLIENT permission. If so, and
there is an authenticated user," it proceeds to sign the message.

Z (now having to undo and redo everything)
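The two signing policies contrasted above, as an added illustration (not code from perlfilter_dkim, zdkimfilter or Courier): the naive policy looks only at the From: domain, while the RELAYCLIENT-plus-authenticated-user policy refuses to sign a message that merely arrived by esmtp. The Message fields, domains and user names are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Message:
    from_header: str          # raw From: header value
    transport: str            # Courier transport the mail arrived by: esmtp, local, uucp
    relayclient: bool         # was RELAYCLIENT set for the connection that delivered it?
    auth_user: Optional[str]  # SMTP AUTH login name, if the sender authenticated

# First address in a From: header, either "<addr>" or a bare addr.
_ADDR = re.compile(r"<([^>]+)>|([^\s<>,]+@[^\s<>,]+)")

def from_domain(header: str) -> Optional[str]:
    """Return the lowercased domain of the first address in a From: header."""
    m = _ADDR.search(header)
    if not m:
        return None
    addr = m.group(1) or m.group(2)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None

def naive_should_sign(msg: Message, local_domains: set) -> bool:
    """Policy described for perlfilter_dkim: a local From: domain is all that is checked."""
    return from_domain(msg.from_header) in local_domains

def strict_should_sign(msg: Message, local_domains: set) -> bool:
    """zdkimfilter-style policy: sign only what an authenticated RELAYCLIENT submitted."""
    if not (msg.relayclient and msg.auth_user):
        return False          # inbound mail from an arbitrary server is never signed
    return from_domain(msg.from_header) in local_domains

LOCAL = {"example.org"}       # constructed: the domains this server signs for
# Constructed traffic: a forgery arriving from a foreign server by esmtp,
# a genuine submission by an authenticated user, and an authenticated user
# sending with a non-local From: domain.
FORGERY = Message("Zed <zed@example.org>", "esmtp", False, None)
SUBMISSION = Message("Zed <zed@example.org>", "esmtp", True, "zed")
FOREIGN_FROM = Message("Bob <bob@example.net>", "esmtp", True, "zed")

if __name__ == "__main__":
    for name, m in [("forgery", FORGERY), ("submission", SUBMISSION), ("foreign From", FOREIGN_FROM)]:
        print(f"{name:12} naive={naive_should_sign(m, LOCAL)} strict={strict_should_sign(m, LOCAL)}")
```

The naive policy signs the forgery; the strict policy signs only the authenticated submission.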



_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users