From owner-freebsd-isp@FreeBSD.ORG Fri Jun 30 17:51:57 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DBF1816A40F for ; Fri, 30 Jun 2006 17:51:57 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6748543D48 for ; Fri, 30 Jun 2006 17:51:57 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id 80F4523FAC; Fri, 30 Jun 2006 13:51:56 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 36A7F5F80B; Fri, 30 Jun 2006 13:51:54 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1FwN9k-0002VT-Gk; Fri, 30 Jun 2006 18:51:52 +0100 Date: Fri, 30 Jun 2006 18:51:52 +0100 From: Brian Candler To: "Michael W. Oliver" Message-ID: <20060630175152.GA9623@uk.tiscali.com> References: <20060629172040.GC78932@gargantuan.com> <1151601857.14510.5.camel@neuromancer.home.net> <20060629173252.GD78932@gargantuan.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060629173252.GD78932@gargantuan.com> User-Agent: Mutt/1.4.2.1i Cc: Ow Mun Heng , isp@freebsd.org Subject: Re: email filtering with GPG X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jun 2006 17:51:58 -0000 On Thu, Jun 29, 2006 at 01:32:52PM -0400, Michael W. Oliver wrote: > The more I think about this, the more certain I am that maildrop is the > right place. A user can manage their own .mailfilter configuration to > allow email from whomever they want, but there will still be a GPG > signature xfilter before the final drop to ~/Maildir. > > Sorry if I wasted anyone's time with this thread, I am feeling good > about using maildrop's xfilter now... unless I hear something different. The advantage of doing it in the MTA is that you can respond to the incoming mail with a 5xx response and properly reject it. If you do this after receiving the mail, either you will blackhole the message (i.e. neither the sender nor the recipient will know that a mail has gone missing), or you will have to create a send a bounce message, which will be collateral spam if the incoming mail is a spam with a forged return address. I don't know if Postfix can filter at this point, but Exim certainly can. Another strategy to consider, if all the mail servers are under your control, is to require SMTP with TLS and valid certificates, and reject all non-TLS mail. Your GPG approach would be better if the clients are sending outbound mail through random ISP smarthosts; but I'd argue that clients should be using *your* mailservers as smarthosts, using the message submission service (port 587) and SMTP AUTH to enter mails into the system. With each of the mailservers talking SMTP-TLS to each other, you have a closed and secure mail network, but also the option of adding certain other authorised sources of mail in the future if you wish. Regards, Brian.