[Mimedefang] Learning about to preserve information when relaying

David F. Skoll dfs at roaringpenguin.com
Tue Jun 8 10:01:50 EDT 2004


On Tue, 8 Jun 2004, Steffen Kaiser wrote:

> 1) Because the key (a random value) is used by a particular host, I trust
> it.
> 2) The host would, if it sends me mail, either add such a header anew or
> overwrite an existing one; or remove the header altogether.
> 3) When spooling the message, the header is removed.

Correct.

> "The key should be kept confidential, but it's not disastrous if it leaks
> out." That's because an outsider cannot slipstream the correct header,
> because:

> either the outsider cannot use the same IP as my trusted hosts or, if
> the mail gets relayed through one of the trusted ones, the key gets
> deleted or overwritten by the trusted host.

Right.  It's not exactly military-grade security, but unless someone
can spoof your IP address, it's reasonable.

> A more "correct" (robust / secure) method would be to use certificates
> communicating between trusted hosts, right?

Yes.  Something like Yahoo's DomainKeys scheme can be used to guarantee
that a message passed through a particular server.  That's required
on the Internet, but in a more controlled network, a simpler (but less
secure) system is probably OK.

Regards,

David.
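
The scheme discussed in this thread, modelled as an added example that is not code from the thread or from MIMEDefang: a trusted relay overwrites the header, and the receiving host accepts it only from a trusted relay IP and always strips it before spooling. The header name, key, IP addresses and function names are assumptions made for the sketch.

```python
import hmac
from email import message_from_string

# Assumed values for illustration; none of them appear in the thread.
HEADER = "X-Trusted-Relay-Info"
SHARED_KEY = "constructed-random-key"
TRUSTED_IPS = {"192.0.2.10", "192.0.2.11"}


def build(extra=""):
    """Constructed sample message; `extra` is an optional raw header line."""
    return message_from_string(
        f"From: a@example.org\n{extra}Subject: test\n\nbody\n")


def relay_outbound(msg, info):
    """Trusted relay: drop any incoming copy of the header, then add its own."""
    del msg[HEADER]          # removes every occurrence, no error if absent
    msg[HEADER] = f"{SHARED_KEY} {info}"
    return msg


def receive(msg, relay_ip):
    """Final host: return the relayed info if trustworthy, else None.

    The header is removed in every case, so it never reaches the spool.
    """
    values = msg.get_all(HEADER, [])
    del msg[HEADER]
    # The IP check is what makes a leaked key non-disastrous.
    if relay_ip not in TRUSTED_IPS or len(values) != 1:
        return None
    key, _, info = values[0].partition(" ")
    if not hmac.compare_digest(key.encode(), SHARED_KEY.encode()):
        return None
    return info


if __name__ == "__main__":
    forged = f"{HEADER}: {SHARED_KEY} orig-ip=10.0.0.1\n"
    print(receive(build(forged), "203.0.113.5"))          # leaked key, untrusted IP
    via_relay = relay_outbound(build(forged), "orig-ip=203.0.113.5")
    print(receive(via_relay, "192.0.2.11"))               # relay overwrote the forgery
```
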


