[Mimedefang] Mimedefang + Spamassassin but no X-Spam-Score
I've been getting emails with bad attachments being dropped by Mimedefang. The issue is that the email is SPAM but is not being tested by Spamassassin since there doesn't seem to be an X-Spam-Score in the headers. The original message size is about 120KB according the sendmail logs. Is it a Mimedefang config option that I'm missing? I would like Mimedefang to still have Spamassassin test the email even if there was a dropped attachment. Thanks. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] PGP encyption of outging email
On Thu, 2009-05-07 at 09:17 +0100, Paul Murphy wrote: > Steffan wrote: > > > I wonder why you don't want to encrypt/sign in the MUA. It is more > > flexible and, well, works most of the time. > > Because users are incapable of getting it right, and the time they forget to > encrypt the message may also be the time they send company B's confidential > data to company A. You might want to consider checking that the message is encrypted and rejecting if it is not. That's probably WAY simpler and has the side-effect of educating users on your policy. Richard signature.asc Description: This is a digitally signed message part ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] PGP encyption of outging email
Steffen Kaiser wrote: > On Wed, 6 May 2009, pete wrote: > >> Is there a method for encrypting outgoing email using PGP (or other >> methods). I am thinking of doing this on a per recipient basis. I.e encrypt >> email to people I regularly email and leave plain the rest. > > If you search CPAN, you find tons of PGP / GnuPG modules unfortunatly. I > made a quick search for PGP & MIME (so you don't fiddle with the MIME > structure yourself) and there are a few as well, e.g. Mail::GnuPG. > > The most problem I see is that you have to open your secret key to > MIMEDefang. As I understand your mail so, that you are using a > single-person system, this drops down to how secure your server is and if > you trust the system to hold your key without passphrase or in > pgp-agent. To encrypt outgoing email only public key (of the recipient) is required. Secret/private key (of sender) is required for *signing*. > [...] -- [pl>en: Andrew] Andrzej Adam Filip : a...@onet.eu The time spent on any item of the agenda [of a finance committee] will be in inverse proportion to the sum involved. -- C. N. Parkinson ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] PGP encyption of outging email
Steffan wrote: > I wonder why you don't want to encrypt/sign in the MUA. It is more > flexible and, well, works most of the time. Because users are incapable of getting it right, and the time they forget to encrypt the message may also be the time they send company B's confidential data to company A. At one point I was seeing ~10 messages per week which the users had forgotten to encrypt, and I saw 2 in 6 months go to the wrong company without encryption. I looked at this a long time ago, and got a system working which verified that messages to and from designated domains were encrypted. It was a bit messy, but it worked. It also ensured that the corporate key had been included in the encryption targets, so we could enforce use of this key for message recovery purposes. It did this by trying to decrypt any encrypted parts using the corporate key. Coincidentally, this also stopped employees using encryption to any domain except those we expressly permitted it to - otherwise our confidential data could walk out of the door, and we'd be none the wiser. The issue, as Steffan has already pointed out, is that you have to trust your mail server with the passphrase to your private key, or in our case, to the company's private key. In our circumstances, this was more acceptable than the breaches of security caused by incapable users, but you may not be able to make that argument. Best Wishes, Paul. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] PGP encyption of outging email
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 6 May 2009, pete wrote: Is there a method for encrypting outgoing email using PGP (or other methods). I am thinking of doing this on a per recipient basis. I.e encrypt email to people I regularly email and leave plain the rest. If you search CPAN, you find tons of PGP / GnuPG modules unfortunatly. I made a quick search for PGP & MIME (so you don't fiddle with the MIME structure yourself) and there are a few as well, e.g. Mail::GnuPG. The most problem I see is that you have to open your secret key to MIMEDefang. As I understand your mail so, that you are using a single-person system, this drops down to how secure your server is and if you trust the system to hold your key without passphrase or in pgp-agent. If the mail has more than one recipient, you need to use "stream_by_recipient()" (or similiar) to have all recipients receiving either encrypted or not. Depending on the module you need to encrypt either in filter() each part or in filter_end() the message awhole. BTW: You wrote "encrypt", if you really mean "encrypt" rather than "sign", you need to have the public keys of the recipients, maybe from a keyserver, and if there are multiple recipients, you need to think about if you encrypt for all recipients (and yourself) and send one copy of the mail to all or send one mail per recipient (using stream_by_recipient()). Long time ago I looked at to sign the first text part of each outgoing message using PGP, but we dropped the idea after initial stage because of the security problems of the private keys. I wonder why you don't want to encrypt/sign in the MUA. It is more flexible and, well, works most of the time. Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSgKQ6tlJzF6z/k3SAQJF8gf+N9rAMDxHm50NaRTn3VCyxqM1VZUXe5GR Yzwrx25g0JBxzDp1kpmsYjy4E6mD4CNT61ymKa3pFIZ7hNOkpFjhJc8gy5shEuHs FRDo7GZGWtbSHpUVesrpJi+02dZ+iDXZcMwgMch3uKh3cAqJsBMafaxPP/GhgKH1 CniS+dc8EzIi+f/OzIvfsdqNt5QmgkzwfIanqTZJC0kbNARQos//OmTHQRys9pDD R3viKrJoJt9FukVKJ0MtQAS9D1xqYpRWd7ClxFR5OaDweiMCQszqN+yI0vngdVze Wy6XPHVVjEiUUJ5dXAodWXrEpBsiOI3h0jIFFo7cJrPOKA9r8vEO4g== =7R0I -END PGP SIGNATURE- ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang