Future of CTM
jvarner at gmail.com
Sat Sep 5 18:57:16 UTC 2015
(apologies for not replying to previous emails; just subscribed to
the list...)
Peter Wemm wrote:
> I have been trying to find an example of somebody who is actually
> verifying signatures before piping the messages to ctm_rmail.
I am such an example. The following recipe is the one I use (I
use nmh, so for most people the pipe to rcvstore should be
replaced with a simple mailbox or maildir delivery):
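    :0
    * ^X-BeenThere: ctm-ports-cur@freebsd.org
    {
        # File a copy in the nmh folder (locked via the named lockfile).
        :0 c: ${MAILDIR}/ctm-ports.${LOCKEXT}
        | rcvstore +ctm-ports -nounseen

        # Verify the signature against a keyring holding only the CTM key.
        :0 c
        | gpg --no-default-keyring --keyring ${PMDIR}/ctm.key --verify

        # 'a': run only if the gpg recipe above completed successfully.
        :0 a
        | ctm_rmail -p ${HOME}/ctms/ports/pieces -d ${HOME}/ctms/ports/deltas -l ${PMDIR}/ctm.log
    }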
Where ctm.key was produced by importing and exporting the ASCII-armored
key from the mailman info page. I did check to confirm
that modifying a signed CTM message will prevent ctm_rmail from
running (gpg exits with a status of 2, which prevents the 'a'
recipe from running). I did not check to confirm that a
mis-signed message would not verify, but my presumption is that
the combination of --no-default-keyring and --keyring should
prevent that verification from working since the only key in the
specified keyring is the CTM signing key.
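
The same verify-then-deliver gate as a single shell function, given here as an added example and not part of the original post: it buffers the message once, so the bytes handed to ctm_rmail are the bytes gpg checked. The function name, the CTM_*/GPG variables and their default paths are assumptions; the gpg and ctm_rmail flags are the ones from the recipe above.

```shell
#!/bin/sh
# Added example (not from the original post). Defaults below are assumed
# paths; override them in the environment to match your own layout.
: "${GPG:=gpg}"
: "${CTM_RMAIL:=ctm_rmail}"
: "${CTM_KEYRING:=$HOME/.procmail/ctm.key}"   # keyring holding only the CTM key
: "${CTM_PIECES:=$HOME/ctms/ports/pieces}"
: "${CTM_DELTAS:=$HOME/ctms/ports/deltas}"
: "${CTM_LOG:=$HOME/.procmail/ctm.log}"

# Read one mail message on stdin; deliver it to ctm_rmail only if gpg
# verifies it against the dedicated keyring. Returns 0 on delivery,
# non-zero if verification or delivery failed.
ctm_verified_deliver() {
    msg=$(mktemp "${TMPDIR:-/tmp}/ctm.XXXXXX") || return 75   # EX_TEMPFAIL
    cat > "$msg"            # buffer stdin so both steps see identical bytes
    rc=1                    # default: refuse delivery
    if "$GPG" --no-default-keyring --keyring "$CTM_KEYRING" --verify \
            < "$msg" >/dev/null 2>&1
    then
        rc=0
        "$CTM_RMAIL" -p "$CTM_PIECES" -d "$CTM_DELTAS" -l "$CTM_LOG" \
            < "$msg" || rc=$?
    fi
    rm -f "$msg"
    return "$rc"
}
```

Source the file and call ctm_verified_deliver with the message on standard input; a non-zero return means nothing was passed to ctm_rmail or ctm_rmail itself failed.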