I was thinking: pidentd encrypts the normal tap information before sending it to the
requesting device. this is largely to
prevent forgeries (your machine hacked my box, etc, etc, etc)
and if you haven't gotten some little boy to cry wolf to you; chances are you're just
lucky.
but unfortunatly, when I tell other admins (even the ones who have had legitimate
problems) to to a ident/tap scan, i get way
too mixed of results.
so i got to thinking: when the message is accepted for delivery, supply a header in
the form of:
X-HostID-Inet-XXXXXXXX: [key]
where XXXXXXXX is the hex form of the local machines' ip address. for IPV6 and other
transports, something similar can
probably be used. This cooky looking header would be necessary to avoid confusing
other MTA/MUA's...
the key would be some encrypted goodies (such as)
local user (if it came from qmail-inject or qmail-queue)
remote ip address (if it was relayed -- appropriately or not)
supplied username (from pre-pop'd authentication, or my smtp auth patches:
www.nimh.org/code.shtml)
date and time
now, only the machine who IS host ID XXXXXXXX would be able to decipher the key, and
thus know whether or not the
angry admin has had a legitimate spam concern (and we should disable the account), or
whether they're full of shit.
Of course, these extremes haven't been quite necessary for me yet (otherwise I would
have implimented it a while ago), as
the absolute worst complaint I got was from someone who sent me a message with
Sendmail 8.6's Received: headers.
Is this important to anyone? Anyone have suggestions? Thoughts?
Or have I had too much to drink?
