email filtering with GPG

Brian Candler B.Candler at pobox.com
Fri Jun 30 17:51:58 UTC 2006


On Thu, Jun 29, 2006 at 01:32:52PM -0400, Michael W. Oliver wrote:
> The more I think about this, the more certain I am that maildrop is the
> right place.  A user can manage their own .mailfilter configuration to
> allow email from whomever they want, but there will still be a GPG
> signature xfilter before the final drop to ~/Maildir.
> 
> Sorry if I wasted anyone's time with this thread, I am feeling good
> about using maildrop's xfilter now... unless I hear something different.

The advantage of doing it in the MTA is that you can respond to the incoming
mail with a 5xx response and properly reject it.

If you do this after receiving the mail, either you will blackhole the
message (i.e. neither the sender nor the recipient will know that a mail has
gone missing), or you will have to create and send a bounce message, which
will be collateral spam if the incoming mail is a spam with a forged return
address.

I don't know if Postfix can filter at this point, but Exim certainly can.

Another strategy to consider, if all the mail servers are under your
control, is to require SMTP with TLS and valid certificates, and reject all
non-TLS mail.

Your GPG approach would be better if the clients are sending outbound mail
through random ISP smarthosts; but I'd argue that clients should be using
*your* mailservers as smarthosts, using the message submission service (port
587) and SMTP AUTH to enter mails into the system. With each of the
mailservers talking SMTP-TLS to each other, you have a closed and secure
mail network, but also the option of adding certain other authorised sources
of mail in the future if you wish.

Regards,

Brian.
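
An Exim configuration fragment illustrating the SMTP-time rejection and TLS-only policy discussed in the message above. It is an added example, not part of the original post or of any poster's actual setup. The file paths and the ACL name `acl_check_mail` are assumptions, and SMTP AUTH authenticators are assumed to be configured elsewhere in the same file.

```conf
# --- main configuration section ---
# Assumed paths: substitute your own certificate, key and private CA bundle.
tls_advertise_hosts     = *
tls_certificate         = /usr/local/etc/exim/tls/server.crt
tls_privatekey          = /usr/local/etc/exim/tls/server.key

# Request a certificate from every client and check it against the CA
# bundle, but do not abort the handshake on failure: the ACL below
# decides, so the sender gets a clear 5xx instead of a dropped session.
tls_verify_certificates = /usr/local/etc/exim/tls/internal-ca.pem
tls_try_verify_hosts    = *

# Run the policy at MAIL FROM, before any message data is accepted.
acl_smtp_mail = acl_check_mail

# --- ACL section (merge into the existing "begin acl" block) ---
begin acl

acl_check_mail:
  # Non-TLS sessions are refused during the SMTP dialogue (default 550),
  # so no bounce message is ever generated by this server.
  deny    message    = TLS is required to send mail to this server
         !encrypted  = *

  # Clients submitting mail with SMTP AUTH (e.g. on port 587) are accepted.
  accept  authenticated = *

  # Everything else must be a peer mail server whose certificate
  # verified against tls_verify_certificates.
  deny    message    = A valid client certificate is required
         !verify     = certificate

  accept
```

Because the rejection happens at MAIL FROM, responsibility for notifying the sender stays with the connecting host, which avoids the backscatter problem of bouncing after delivery.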

