On 6/27/05, Sorin Pop <[EMAIL PROTECTED]> wrote:
> On 6/27/05, Dallas L. Engelken <[EMAIL PROTECTED]> wrote:
> > >
> > > The only problem that I can think of now, is how to
> > > determine if mail is delivered local, or it is delivered
> > > remote (to sign it or to check it), since --local-domains
> > > isn't good enough. I was thinking of some way to read the
> > > domains from rcpthosts and know which domains are local (will
> > > check the signature) and which are not (will have to sign
> > > them). Also to check if the mail is sent from local to local
> > > and sign it, afterwards check it :))))
> > >
> >
> >
> > I think the problem here is that in qmail-scanner, you get all the
> > recips in $recips like "[EMAIL PROTECTED]@domain2.com\0" - so,
> > the problem you run into here is that recip #1 might be remote and recip
> > #2 might be local. A function that checked all recips to be either all
> > local (check) or all remote (sign) would be fine, but when you have
> > mixed mode, you really cant do anything with it.
> >
> As I was telling it will sign all mails sent with it, even if the
> domains are local or not. Since the local mail will than be recived
> and checked for DK signature
>
> Ie:
>
> for each mail(rcpt,bcc,cc)
> if from_local_domain to_local_domain (foreach... twice :)) )
> if DK_Signed check for it
> else DK_Sign_it
> elsif from_local_domain to_remote_domain (foreach... once :)) in from header)
> else DK_Sign_it
> else (if from_remote_domain to_local_domain (foreach... once :)) in to header)
> if DK_Signed check for it
Wrong :D
Outgoing:
>From "Local" -> Local Sign (if not signed, if signed
it is Incomming(check it))
-> Remote Sign
-> Local & Remote Sign (for local delivery check
local->local since it will be singed on incomming, no?)
Incomming:
>From "Remote" -> Local (if signed and local) Check
-> Remote (Open Relay) (Customize [Drop/Forward])
Guess it's better
Regards,
Sorin
>
> > IMO, Your best best is a patch to qmail-remote.c that 'signs' the domain
> > key at that point as its leaving your system.
> >
> Maybe but I want to integrate it in qmail-scanner so I cannot patch
> qmail-remote, since qmail-local handles incoming and outgoing mails
>
> > Dallas
> >
> >
>
> What do you say? Is it ok?
> Regards,
> Sorin
>
> >
> > -------------------------------------------------------
> > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> > from IBM. Find simple to follow Roadmaps, straightforward articles,
> > informative Webcasts and more! Get everything you need to get up to
> > speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id�492&opclick
> > _______________________________________________
> > Qmail-scanner-general mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
> >
>
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id�492&op=click
_______________________________________________
Qmail-scanner-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
