spf-discuss

Re: cookie management during forwarding

2004-02-09 15:04:00
On Sat, Feb 07, 2004 at 04:33:51PM -0500, Meng Weng Wong wrote:
On Sat, Feb 07, 2004 at 09:57:40AM -0600, mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:
| I just read the document on SRS.  I'd like to read about cookie management
| in case the "incoming forwarder" is different from the "outgoing forwarder".
| 
| In our university, all departmental servers send outgoing mail through
| an outgoing server (OUT), but incoming mail goes to a different server
| (INC).  What I'd like to read about somewhere is how the cookie
| generated on OUT gets communicated to INC.

As long as you can add a configuration thingy to both outgoing and
incoming that looks like

  srs_secret=q34yqgaer

SRS should work.

Then I suddenly am confused.  I consider the following events:

8 AM:
  The secret on both servers is

  abcde

  The OUT server sends out a message with the envelope sender address

  0c7e75a5b8c57da10ffd61572f9add41-xy(_at_)a(_dot_)b

  where the first part of the local part was generated as
  
  # echo abcde-xy(_at_)a(_dot_)b | md5sum | cut -d' ' -f1
  0c7e75a5b8c57da10ffd61572f9add41

9 AM:
  We change the secret on both servers to

  ABCDE

10 AM:
   A bounce comes to the INC server with envelope rcpt 

   0c7e75a5b8c57da10ffd61572f9add41-xy(_at_)a(_dot_)b

   which can be verified to be correct only with the old secret, abcde.

So I guess then both servers have to keep track of all secrets used
(perhaps for 5 days), and accept all md5 sums that were the result of
encryption using any of the (not yet expired) secrets.

How often are these secrets to be changed?  And why are they changed?
If the secret does not depend on the particular message, but only on
the time and the whole site, changing it with some frequency prevents
what event?

Thx,

Mate

-- 
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis  
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
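
The timeline in the message above (tag issued at 8 AM, secret changed at 9 AM, bounce arriving at 10 AM), as an added example that is not part of the original post or of any SRS implementation. `Keyring`, `GRACE_SECONDS` and the address `xy@a.example` are constructed for illustration, and HMAC-SHA-256 with a constant-time comparison stands in for the message's `md5sum` of `secret-address`.

```python
import hashlib
import hmac

GRACE_SECONDS = 5 * 24 * 3600  # the message's "perhaps for 5 days" (assumed value)

class Keyring:
    """Secret list configured identically on OUT and INC (hypothetical helper)."""

    def __init__(self):
        self._keys = []  # (secret, retired_at or None); newest entry last

    def rotate(self, new_secret, now):
        # Retire the current secret but keep it so in-flight bounces still verify.
        if self._keys:
            old, _ = self._keys[-1]
            self._keys[-1] = (old, now)
        self._keys.append((new_secret, None))

    @staticmethod
    def _tag(secret, address):
        mac = hmac.new(secret.encode(), address.encode(), hashlib.sha256)
        return mac.hexdigest()[:32]  # 128-bit tag, same length as the md5 hex

    def sign(self, address):
        # OUT: always tag with the newest secret.
        secret, _ = self._keys[-1]
        return f"{self._tag(secret, address)}-{address}"

    def verify(self, rcpt, now):
        # INC: accept a tag made under any secret still inside its grace period.
        tag, sep, address = rcpt.partition("-")  # hex tag contains no hyphen
        if not sep:
            return False
        for secret, retired_at in self._keys:
            if retired_at is not None and now - retired_at > GRACE_SECONDS:
                continue  # expired secret: tags made with it are rejected
            expected = self._tag(secret, address)
            if hmac.compare_digest(tag.encode(), expected.encode()):
                return True
        return False

if __name__ == "__main__":
    ring = Keyring()
    ring.rotate("abcde", now=0)
    rcpt = ring.sign("xy@a.example")                    # 8 AM: OUT sends
    ring.rotate("ABCDE", now=9 * 3600)                  # 9 AM: secret changed
    print("10 AM bounce accepted:", ring.verify(rcpt, now=10 * 3600))
    late = 9 * 3600 + GRACE_SECONDS + 1
    print("after grace period:", ring.verify(rcpt, now=late))
```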
