At 1:55 AM 4/6/07, Russ Nelson wrote:
If you have software which is munging the message ... fix it.
My excuse for "munging" the message is that I'm running ezmlm lists,
with the qmail verh patch to add a customized "List-Unsubscribe"
header for each subscriber. There may be differences of opinion on
whether "munging" a message in that way is wise, but I think I want
to do it. Using the header exclusion patch provided by Richard Lyons
allows me to sign the messages when they are queued and still "munge"
them when they are sent.
Another option, as others have mentioned here, is to move the signing
function to qmail-remote, and Richard Lyons has also provided a patch
to do that. But, for reasons that may seem a little fuzzy, I still
prefer to sign messages when they are queued, rather when they are
sent.
One reason is it gives the sender more control over the signing
process, by being able to set the appropriate environment variables
when the message is injected. I'm not sure how necessary this is,
because I really want all my outgoing messages to be signed, but it
just seems like a good thing.
Another reason is that it seems "cleaner" and more efficient to sign
the message once when ezmlm queues it, rather than hundreds of times
when each subscriber's copy is delivered, and retried. I'm not sure
how much extra load that is, or whether it's really worth worrying
about, but eliminating the extra load just "sounds good".
So, at this point, I'm still a believer in the religion that
qmail-queue/qmail-dk is the appropriate place to sign messages, with
the modifications to allow for exclusion of munged headers. But if I
can't find a way to sign bounce messages with that scheme, I may have
to reconsider.
|