I agree a log indicator would be good (and easy to add).  spamdyke 
doesn't add any headers presently, though I've gotten several requests 
along those lines.

I haven't looked very hard at DKIM (yet) so I'm not entirely sure how it 
works, but I thought it was an authentication system for the sending 
mail server, not the email author or message content.  In any case, most 
signature systems for email don't use the headers for calculating 
checksums.  If they did, there'd be problems all over with standard 
"Received" headers, SpamAssassin headers, etc.

-- Sam Clippinger

Eric Shubert wrote:
> Eric Shubert wrote:
>   
>> Eric Shubert wrote:
>>     
>>> The todo file has a handful of nice logging enhancements. Here's another.
>>>
>>> It'd be nice to have some indicator in the log of whether TLS was used 
>>> on each session or not. This would allow easy verification that TLS is 
>>> working on each message coming in.
>>>
>>> Thanks Sam.
>>>       
>> There's another aspect to this that Aleksander on the QMT list came 
>> across. He noticed that when spamdyke's doing the TLS encryption, 
>> there's no longer any indication in the message header that the message 
>> was encrypted as it was received. When qmail (patched with TLS) accepts 
>> a message using TLS, it notes that the message was received with 
>> encryption. Since spamdyke is passing the message in clear text to 
>> qmail, qmail no longer notes that TLS was used, even though spamdyke is 
>> dutifully decoding the encrypted session.
>>
>> The bottom line to this is that there's no practical way to audit that 
>> TLS is being used, or was used on a given message. I think this is a 
>> significant shortfall, while more so in some environments than others.
>>
>> Would it be possible for spamdyke to add a Received-spamdyke header of 
>> some sort that would indicate whether or not TLS was used? I imagine 
>> that other relevant information about spamdyke could be included, but I 
>> think Sam would have better ideas about this than I do.
>>
>> Thanks again Sam.
>>
>>     
>
> Alexsander just pointed out that it probably won't be possible for 
> spamdyke to add a received header to the message, as this would break 
> DKIM. Looks like the only way to preserve the qmail encryption message 
> in the headers would be to pass the message on to qmail using TLS if 
> it's available (and only when spamdyke is using TLS with the sender of 
> course). I'm not sure if the additional overhead would be worth it or 
> not, but I expect not. It sure would be nice though if the security of a 
> message could be validated by examining its headers.
>
> Having an indication in the log is looking to be more important in light 
> of this.
>
> Any ideas, Sam?
>   
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
