On Friday, February 16 at 10:32 PM, quoth Matt Simpson:
Has anybody tried to make qmail sign bounce messages?
How about moving the DK-signing to qmail-remote? I haven't tried it,
but I've seen things like this:
http://test.frob.com.au/qmail/patches/qmail-1.03-remote-verh-dk.patch
I tried setting the DKSIGN and QMAILQUEUE variables in my qmail-send
startup script. That worked; bounce messages got signed.
Unfortunately, it caused legitimate messages to get bounced (but at
least the bounces were signed.) The problem seemed to occur with
messages that were forwarded or delivered via an alias. They were
bounced with a message saying:
Unable to forward message: mail server permanently rejected message
(#5.3.0).
Hmmm, find out why DK is rejecting those. In the default qmail-dk,
that message will be generated when:
1. verifying messages with bad DK syntax
2. Unreadable control files
3. dk_sign/dk_verify library functions return NULL
Of the three, the only one you can really do anything about is make
sure that all the various pieces/users of qmail can read the qmail-dk
control files.
~Kyle
--
It is a dogma of faith that the demons can produce wind, storms, and
rain of fire from heaven.
-- St. Thomas Aquinas
pgpWamE6nqBc2.pgp
Description: PGP signature
|