[Mimedefang] Learning about to preserve information when relaying
David F. Skoll
dfs at roaringpenguin.com
Tue Jun 8 10:01:50 EDT 2004

On Tue, 8 Jun 2004, Steffen Kaiser wrote:

> 1) Because the key (a random value) is used by a particular host, I trust
> it.
> 2) The host would, if it sends me mail, either add such a header anew or
> overwrite an existing one; or remove the header altogether.
> 3) When spooling the message, the header is removed.

Correct.

> "The key should be kept confidential, but it's not disastrous if it leaks
> out." That's because an outsider cannot slipstream the correct header,
> because:
> either the outsider cannot use the same IP as my trusted hosts or, if
> the mail gets relayed through one of the trusted ones, the key gets
> deleted or overwritten by the trusted host.

Right. It's not exactly military-grade security, but unless someone
can spoof your IP address, it's reasonable.

> A more "correct" (robust / secure) method would be to use certificates
> communicating between trusted hosts, right?

Yes. Something like Yahoo's DomainKeys scheme can be used to guarantee
that a message passed through a particular server. That's required
on the Internet, but in a more controlled network, a simpler (but less
secure) system is probably OK.

Regards,
David.
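
The three rules discussed in this message, as an added stand-alone Python model that is not part of the original post and is not MIMEDefang code. The header name, key, networks and the "key plus origin IP" value layout are assumptions made for the illustration.

```python
import hmac
import ipaddress
from email import message_from_string

# Assumed for illustration (none of these values come from the thread).
HEADER = "X-Relay-Info"                       # hypothetical header name
KEY = "constructed-random-key-3f9a1c"         # constructed shared key
TRUSTED = [ipaddress.ip_network("192.0.2.0/28")]  # constructed trusted hosts

def from_trusted_host(peer_ip):
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED)

def relay(raw, origin_ip):
    """Trusted host: drop any header that arrived, then write its own."""
    msg = message_from_string(raw)
    del msg[HEADER]                            # removes every occurrence
    msg[HEADER] = f"{KEY} {origin_ip}"
    return msg.as_string()

def receive(raw, peer_ip):
    """Final host: return (origin_ip or None, message as spooled).

    The header counts only if the peer is a trusted host AND it carries
    the key; it is removed before spooling in every case."""
    msg = message_from_string(raw)
    values = msg.get_all(HEADER, [])
    origin = None
    if from_trusted_host(peer_ip) and len(values) == 1:
        key, _, info = values[0].strip().partition(" ")
        if hmac.compare_digest(key.encode(), KEY.encode()) and info:
            origin = info
    del msg[HEADER]
    return origin, msg.as_string()

# Constructed sample: an outsider who learned the key forges the header.
FORGED = (f"{HEADER}: {KEY} 127.0.0.1\n"
          "From: outsider@example.net\nSubject: test\n\nbody\n")
```

Sent directly from an untrusted address, the forged header is ignored and stripped; sent through a trusted host, it is overwritten with what that host observed.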