Re: What are reasonable signing policies?

From: Todd Lyons <>
Date: Tue, 26 Oct 2010 21:15:02 -0700

On Tue, Oct 26, 2010 at 4:53 PM, J.D. Falk
<> wrote:
>>> We also have some Unix workstations
>>> where mutt, for example, invokes /usr/lib/sendmail directly.  It's the
>> But it is a lesser degree of trust.  So you might be better off
>> signing it with a different subdomain.
> Is it?  Presumably the user still has to log in to access mutt.

Signing decision by default uses the From header right? So Joe Shmoe
would normally send email as But with
mutt he can simply change the From header to The email gets sent, it
relays through a central server, and then gets a dkim signature for instead of That is why I
consider it a lesser degree of trust, because it can be socially

In my exim system (doesn't use opendkim), I force the signing domain
to be the domain of the smtp auth user (envelope sender), and if it's
from webmail, I force the signing domain to be the domain from the
email address in the From header (users are not allowed to edit the
From header directly, but they can choose from a list of predefined
alias email addresses). My sendmail/opendkim system is segmented such
that my smtp auth and webmail smtp servers are separate and do not
overlap, so I don't need to work on changing the source of the signing

If there is some flaw in my logic, please do point it out. I am well
aware of your authority WRT to all things internet and your experience
with large systems, so I hesitate to even disagree with you.

Regards...      Todd
I seek the is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurealius
Received on Wed Oct 27 2010 - 04:15:12 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:49 PST