#11 Add SMTP AUTH support options to dk-filter

closed-fixed
5
2004-07-23
2004-07-21
No

In many ISP scenarios, a central dk-signing server will
be configured to only sign if a user has successfully
sent the message using SMTP AUTH. At other sites, you
might see a more flexible policy where the signing
server will dk-sign the message either if it matches
the internal list of IP addresses, or if the user SMTP
AUTHs.

In either case, this will be a very important method of
determining whether a server administration wishes to
take the "responsibility" of signing the message.

So, it would seem to make sense to create a startup
flag to dk-filter that would automatically sign under
one of the following conditions (options?):

- if user sent message successfully using SMTP AUTH
- if user sent message successfully using SMTP AUTH && the
source IP was within the internal IP list
- if user sent message from an IP within the internal
IP list

And then later, you might even add an option for:
- if user sent message using a specific, recognized
(authorized) TLS certificate

Just some thoughts, thanks,

Thom O'Connor

Discussion

  • Richard Rognlie - 2004-07-21

    Logged In: YES
    user_id=84103

    I think SMTP AUTH support is in place, but buggy.

    msk is checking for the variable {auth_author} and I think
    the proper variable is {auth_authen}

    sometimes auth_author is NOT set even though the user has
    AUTHed.

    I state this because:

    1. I have dk-filter running on localhost and it works
    2. however, on a mozilla connection (where I AUTH), it
    didn't sign.
    However, looking at the Received: line, I see

    (authenticated as rrognlie (0 bits))

     
  • Anonymous - 2004-07-21

    Logged In: YES
    user_id=1048957

    (moved to Feature Requests)

    If I'm reading your request correctly, this went into 0.1.7.
    For signing to happen, the sender's domain and origin
    (client connection) must both meet certain criteria. In the
    latter case, the origin is OK for signing if any one of
    these is true:

    (a) {auth_author} is not NULL
    (b) the client hostname is an internal host (see "-i")
    (c) the client IP is an internal host (see "-i")

    If {auth_author} is the wrong variable to use, it's easily
    changed. I may have just chosen poorly out of ignorance.

     
  • Anonymous - 2004-07-21

    Logged In: YES
    user_id=1048957

    Moved back to Bugs, since Richard says it's working but is
    just relying on the wrong macro to test authentication.

     
  • Anonymous - 2004-07-21
    • labels: --> Functionality
    • assigned_to: nobody --> sm-msk
     
  • Anonymous - 2004-07-21

    Logged In: YES
    user_id=1048957

    I'll consult with Claus and get a fix into 0.1.15.

     
  • Anonymous - 2004-07-21

    Logged In: YES
    user_id=1048957

    0.1.15 will use {auth_type}.

     
  • Anonymous - 2004-07-23
    • status: open --> closed-fixed
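
The origin test (a)-(c) described in the thread, as an added C example that is not dk-filter's own code: it shows why a filter keyed on {auth_author} skips an authenticated external client while one keyed on {auth_type} signs. The macro table, the `getsym`, `is_internal` and `origin_ok` helpers, the host names and the `PLAIN` value are constructed for illustration; a real milter would read macros through libmilter's `smfi_getsymval()`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the macros sendmail hands to a milter. */
struct macro { const char *name, *value; };

/* Hypothetical helper: value of a macro, or NULL if it was not set. */
static const char *getsym(const struct macro *m, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(m[i].name, name) == 0)
            return m[i].value;
    return NULL;
}

/* Exact match against the internal host list (the "-i" list in the thread). */
static int is_internal(const char *const *list, size_t n, const char *s)
{
    for (size_t i = 0; s != NULL && i < n; i++)
        if (strcmp(list[i], s) == 0)
            return 1;
    return 0;
}

/* Origin test (a)-(c): sign if the chosen auth macro is set, or the client
 * hostname or IP is internal. An empty value is treated as unset (assumption). */
int origin_ok(const struct macro *m, size_t nm, const char *auth_macro,
              const char *const *internal, size_t ni,
              const char *host, const char *ip)
{
    const char *auth = getsym(m, nm, auth_macro);
    if (auth != NULL && auth[0] != '\0')
        return 1;
    return is_internal(internal, ni, host) || is_internal(internal, ni, ip);
}

/* Constructed session: the user authenticated, but {auth_author} is not set. */
static const struct macro SESSION[] = {
    { "{auth_type}", "PLAIN" }, { "{auth_authen}", "rrognlie" },
};
static const char *const INTERNAL[] = { "localhost", "127.0.0.1" };

int main(void)
{
    const char *host = "client.example.net", *ip = "192.0.2.10"; /* external */
    printf("{auth_author}: %d\n", origin_ok(SESSION, 2, "{auth_author}", INTERNAL, 2, host, ip));
    printf("{auth_type}:   %d\n", origin_ok(SESSION, 2, "{auth_type}", INTERNAL, 2, host, ip));
    return 0;
}
```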
     
