Qmail

Re: Broken DomainKey .. or dead project?

To: qmail@list.cr.yp.to
Subject: Re: Broken DomainKey .. or dead project?
From: Kyle Wheeler <kyle-qmail@memoryhole.net>
Date: Wed, 4 Apr 2007 14:24:52 -0600
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
Delivered-to: sp-com-lists@consult.net
Delivered-to: gmail-qmail@securepoint.com
Delivered-to: sp.com.list@gmail.com
Delivered-to: mailing list qmail@list.cr.yp.to
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=memoryhole.net; b=iWFdRShHiF/EKUejecLmPJ4gVbwWcULLLHEblWchsCI4GlXPgmvTHi4xZ/5qHb1qKFal+vThvZVx8LC42WRQSWwmEAhHpJ8V+nwDtiOeg7anv9vz2jD+XzyQfKKn2sa0wOvw3YFD4vRD5BPwa1FRGtTdW5CpXTDCFfPYBjPvxEw= ;
Domainkey-status: good
In-reply-to: <20070404200344.GA20446@discworld.dyndns.org>
Mail-followup-to: qmail@list.cr.yp.to
Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm
References: <b86db13f0704011331m4135c427vc934ced0d8b64120@mail.gmail.com> <20070401205313.GA5988@discworld.dyndns.org> <b86db13f0704011429x17f3e0b1w903861f725380af5@mail.gmail.com> <20070401225748.GA6359@discworld.dyndns.org> <1175514940.31108.92.camel@castor.taos-it.nl> <b86db13f0704041207p6b6c548ai617ff192c7d27414@mail.gmail.com> <p06240603c239aa94b54f@[128.163.18.106]> <20070404200344.GA20446@discworld.dyndns.org>
User-agent: Mutt/1.5.14 (2007-04-03)
On Wednesday, April 4 at 02:03 PM, quoth Charles Cazabon:
> Matt Simpson <net-qmlist@jmatt.net> wrote:
> [...]
> > There are still some issues with qmail-dk. One that I recently encountered was not being able to sign bounce messages. I still haven't resolved that one.
>
> Not being up on DK, I could be wrong -- but wouldn't it be impossible for any DK implementation? A bounce message has a null return path, so there's no domain to look up in DNS to get the right keys...

The DK header itself tells you what domain to look up. It doesn't have to be the same as the return address, either. Thus, when forwarding messages through your server, you can still sign them (certifying that they went through your server). A message can end up with multiple DK signatures that way, but that's not a bad thing. If anything, it means there's more verifiable information about the path of the email.

~Kyle
--
'We hold these truths to be self-evident,' they said, 'that all men are created equal.' Strange as it may seem, that was the first time in history that anyone had ever bothered to write that down. Decisions are made by those who show up.
                                         -- Jed Bartlet, The West Wing
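
Added example, not part of the original message or of qmail-dk: a sketch of how a verifier finds the key from the signature header alone, using the `s=` and `d=` tags to build the `<selector>._domainkey.<domain>` TXT name even when the return path is null and the message carries several signatures. The sample message, domains, selectors and `b=` values are constructed, and treating a missing `q=` tag as `dns` is an assumption.

```python
import re

# Constructed sample: a bounce (null envelope sender) carrying two DomainKey
# signatures, one from the origin and one from a forwarding relay.
# Domains, selectors and b= values are made up for illustration.
SAMPLE = """\
Return-Path: <>
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=relay2007;
\td=forwarder.example; b=AAAA
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;
\td=origin.example; b=BBBB
From: MAILER-DAEMON@origin.example
Subject: failure notice

Hi. This is the mail program at origin.example.
"""

def unfold_headers(raw):
    """Split off the header block and join folded continuation lines."""
    head = raw.split("\n\n", 1)[0]
    head = re.sub(r"\r?\n[ \t]+", " ", head)
    return [line.split(":", 1) for line in head.splitlines() if ":" in line]

def parse_tags(value):
    """Parse a 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)  # split once: base64 b= may end in '='
            tags[k.strip()] = v.strip()
    return tags

def key_lookups(raw):
    """Return (envelope_sender, [DNS TXT names holding the public keys])."""
    sender, names = None, []
    for name, value in unfold_headers(raw):
        lname = name.strip().lower()
        if lname == "return-path":
            sender = value.strip()
        elif lname == "domainkey-signature":
            t = parse_tags(value)
            if t.get("q", "dns") != "dns" or not t.get("d") or not t.get("s"):
                continue  # no usable selector/domain: key cannot be located
            names.append(f"{t['s']}._domainkey.{t['d']}".lower())
    return sender, names

if __name__ == "__main__":
    print(key_lookups(SAMPLE))
```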
