Hello Era!
> # 1. check signed exec command with pgp and strip
> # signature to prevent replay attacks
> :B fbw
> ^^-----BEGIN PGP SIGNED MESSAGE-----$$exec
> | pgp +batchmode -f +pubring=$HOME/.pgp/authorized.pgp
> I fail to see how this prevents replays.
Yes, you're right, my comment is misleading, replays are possible if
my messages are intercepted before they reach my procmailrc. I just
wanted to point out that I strip the signature and replace the signed
message with the signed text instead of operating on a copy so that I
might misplace the original somewhere out in the open later.
> my copy of PGP here doesn't even have the
> +batchmode switch, does it do something I don't know about?
$ grep -i batchmode /usr/lib/pgp/*
/usr/lib/pgp/pgp.hlp:Use [+batchmode] for errorlevel returns
$ pgp
Pretty Good Privacy(tm) 2.6.3i - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-01-18
International version - not for use in the USA. Does not use RSAREF.
...
> Perhaps you should consider formail -rt instead?
With proper SMTP return address it boils down to a question of taste.
Thanks for your input!
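
An added example, not part of the original message or anyone's procmailrc: a replay guard that could sit after the PGP check, rejecting signed text it has already accepted once. The function name, the seen-file and the per-message "serial" line are assumptions; the input is taken to be the signed text after verification.

```shell
#!/bin/sh
# Replay guard for already-verified signed commands (added example).
# Assumptions: stdin is the signed text emitted by the PGP verification
# step, and the sender makes every command unique, e.g. with a serial
# or date line inside the signed text.

# replay_guard SEEN_FILE
#   returns 0: text not seen before, digest recorded
#   returns 1: digest already recorded, i.e. a replay
#   returns 2: could not compute or store the digest (fail closed)
# The check-then-append below is not atomic; serialize callers, for
# instance with a procmail local lockfile on the calling recipe.
replay_guard() {
    seen_file=$1
    # Digest of exactly the bytes the signature covered, so changes to
    # mail headers or armor lines cannot make a replay look new.
    digest=$(sha256sum | cut -d' ' -f1)
    [ -n "$digest" ] || return 2
    touch "$seen_file" && chmod 600 "$seen_file" || return 2
    if grep -qxF "$digest" "$seen_file"; then
        return 1
    fi
    printf '%s\n' "$digest" >> "$seen_file" || return 2
    return 0
}

# Constructed sample: the same signed text delivered twice, then a
# new command with a fresh serial.
demo() {
    seen=$(mktemp)
    for serial in 1 1 2; do
        if printf 'exec uptime\nserial %s\n' "$serial" | replay_guard "$seen"
        then echo "serial $serial: accept"
        else echo "serial $serial: reject (replay)"
        fi
    done
    rm -f "$seen"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Treat any non-zero return as "do not execute", so a failure to record the digest cannot open a replay window.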