From owner-freebsd-isp@FreeBSD.ORG Thu Jun 29 17:20:44 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B32316A407 for ; Thu, 29 Jun 2006 17:20:44 +0000 (UTC) (envelope-from michael@gargantuan.com) Received: from phoenix.gargantuan.com (srv01.lak.lwxdatacom.net [24.73.171.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6393944347 for ; Thu, 29 Jun 2006 17:20:42 +0000 (GMT) (envelope-from michael@gargantuan.com) Received: by phoenix.gargantuan.com (Postfix, from userid 1001) id C2DEC355; Thu, 29 Jun 2006 13:20:40 -0400 (EDT) Date: Thu, 29 Jun 2006 13:20:40 -0400 From: "Michael W. Oliver" To: isp@freebsd.org Message-ID: <20060629172040.GC78932@gargantuan.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xo44VMWPx7vlQ2+2" Content-Disposition: inline X-WWW-URL: http://michael.gargantuan.com X-GPG-PGP-Public-Key: http://michael.gargantuan.com/gnupg/pubkey.asc X-GPG-PGP-Fingerprint: 2694 0179 AE3F BFAE 0916 0BF5 B16B FBAB C5FA A3C9 X-Home-Phone: +1-863-816-8091 X-Mobile-Phone: +1-863-738-2334 X-Mailing-Address0: 8008 Apache Lane X-Mailing-Address1: Lakeland, FL 33810-2172 X-Mailing-Address2: United States of America X-Guide-Questions: http://www.catb.org/~esr/faqs/smart-questions.html X-Guide-Netiquette: http://www.ietf.org/rfc/rfc1855.txt User-Agent: mutt-ng/devel-r774 (FreeBSD) Cc: Subject: email filtering with GPG X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jun 2006 17:20:44 -0000 --xo44VMWPx7vlQ2+2 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi list, I have a question about a particular MTA, not FreeBSD specifically, but since you are a bunch of service provider folk I figured I would ask. Here is my situation. I am using Postfix as my MTA, and would like to drastically cut the amount of email that my users see. I am already doing blacklist filtering and lots of other stuff in "smtpd_recipient_restrictions" in main.cf, but it isn't enough. What I would like to do is kill any email that doesn't have a valid PGP/GPG signature, but I am not sure that Postfix is the right place to do this. Right now, all mail is delivered to ~/Maildir for each user by maildrop, and they pick up their mail via IMAPS (Dovecot). At first I was thinking about some sort of filter for Postfix that would check for a signature and then reject the message if the signature check failed. However, the more I think about it, the more I am inclined to use maildrop's xfilter mechanism to do the signature checking to keep the load off of Postfix. The reality is that I am not sure which is why I am asking you. Am I crazy? Can you think of better ways to do strict signature checking in this environment, either with Postfix, maildrop, or something else I am not currently using? I thank you for your time and consideration. --=20 Mike Oliver, KI4OFU [see complete headers for contact information] --xo44VMWPx7vlQ2+2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (FreeBSD) iD8DBQFEpAvosWv7q8X6o8kRAkK6AJsFut/m7IxBcnHJU2p+tR04ZBP4sQCeM2WI y+95GZIxTcPO53C4fhZLA5w= =HuFY -----END PGP SIGNATURE----- --xo44VMWPx7vlQ2+2--