Eric Shubert wrote:
> The todo file has a handful of nice logging enhancements. Here's another.
> 
> It'd be nice to have some indicator in the log of whether TLS was used 
> on each session or not. This would allow easy verification that TLS is 
> working on each message coming in.
> 
> Thanks Sam.

There's another aspect to this that Aleksander on the QMT list came 
across. He noticed that when spamdyke's doing the TLS encryption, 
there's no longer any indication in the message header that the message 
was encrypted as it was received. When qmail (patched with TLS) accepts 
a message using TLS, it notes that the message was received with 
encryption. Since spamdyke is passing the message in clear text to 
qmail, qmail no longer notes that TLS was used, even though spamdyke is 
dutifully decoding the encrypted session.

The bottom line to this is that there's no practical way to audit that 
TLS is being used, or was used on a given message. I think this is a 
significant shortfall, while more so in some environments than others.

Would it be possible for spamdyke to add a Received-spamdyke header of 
some sort that would indicate whether or not TLS was used? I imagine 
that other relevant information about spamdyke could be included, but I 
think Sam would have better ideas about this than I do.

Thanks again Sam.

-- 
-Eric 'shubes'

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
