From: jvarner@gmail.com
To: ctm-users@freebsd.org
Cc: Peter Wemm
Subject: Re: Future of CTM
Date: Sat, 05 Sep 2015 14:39:48 -0400
Message-Id: <201509051839.t85IdmIJ047044@eden.local>

(apologies for not replying to previous emails; just subscribed to the list...)

Peter Wemm wrote:
> I have been trying to find an example of somebody who is actually
> verifying signatures before piping the messages to ctm_rmail.

I am such an example.
The following recipe is the one I use (I use nmh, so for most people the pipe to rcvstore should be replaced with a simple mailbox or maildir delivery):

:0
* ^X-BeenThere: ctm-ports-cur@freebsd.org
{
  :0 c: ${MAILDIR}/ctm-ports.${LOCKEXT}
  | rcvstore +ctm-ports -nounseen

  :0 c
  | gpg --no-default-keyring --keyring ${PMDIR}/ctm.key --verify

  :0 a
  | ctm_rmail -p ${HOME}/ctms/ports/pieces -d ${HOME}/ctms/ports/deltas -l ${PMDIR}/ctm.log
}

Where ctm.key was produced by importing and exporting the ASCII-armored key from the mailman info page.

I did check to confirm that modifying a signed CTM message will prevent ctm_rmail from running (gpg exits with a status of 2, which prevents the 'a' recipe from running). I did not check to confirm that a mis-signed message would not verify, but my presumption is that the combination of --no-default-keyring and --keyring should prevent that verification from working since the only key in the specified keyring is the CTM signing key.
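One way to close the gap the last paragraph leaves open, added here as an example (it is not from the message above or from the CTM project): instead of relying only on ctm.key containing nothing but the CTM key, read gpg's --status-fd lines and accept the message only when the VALIDSIG fingerprint equals the expected CTM signing key. CTM_FPR and the default keyring path are placeholders; the real fingerprint is not on this page.

```shell
#!/bin/sh
# Added example, not part of the message above: a verify step for the
# procmail recipe that pins the CTM signing key's fingerprint instead of
# trusting only the contents of ctm.key.
#
# Placeholders (assumptions, not values from the message):
CTM_KEYRING="${PMDIR:-$HOME/.procmail}/ctm.key"      # same file the recipe uses
CTM_FPR="${CTM_FPR:-0000000000000000000000000000000000000000}"  # real fpr goes here

# ctm_status_ok STATUS_FILE FPR
# Accepts gpg --status-fd output only if a VALIDSIG line's first field (the
# fingerprint of the key that made the signature) equals FPR and no failure
# marker appears. Pure text check, so it can be exercised without gpg.
ctm_status_ok() {
    status_file=$1; fpr=$2
    # any bad, unverifiable, expired or revoked signature is fatal
    if grep -q -E '^\[GNUPG:\] (BADSIG|ERRSIG|NO_PUBKEY|EXPKEYSIG|REVKEYSIG)' "$status_file"; then
        return 1
    fi
    grep -E "^\[GNUPG:\] VALIDSIG $fpr " "$status_file" >/dev/null
}

# ctm_verify: reads the signed CTM message on stdin, as the recipe pipes it.
# Returns 0 only when ctm_status_ok accepts the status lines, so the "a"
# recipe that runs ctm_rmail still gates on this exit status.
ctm_verify() {
    st=$(mktemp) || return 1
    # gpg's own exit code is ignored here; the status lines decide
    gpg --batch --no-default-keyring --keyring "$CTM_KEYRING" \
        --status-fd 3 --verify 3>"$st" >/dev/null 2>&1 || :
    if ctm_status_ok "$st" "$CTM_FPR"; then rc=0; else rc=1; fi
    rm -f "$st"
    return $rc
}

# In the recipe, replace "| gpg ... --verify" with "| sh ${PMDIR}/ctm-verify.sh --run".
if [ "${1:-}" = "--run" ]; then ctm_verify; fi
```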