spf-discuss

Re: SRS in .forward and reversing in /etc/aliases

2004-02-18 08:33:21
On Wed, 18 Feb 2004 mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:

On Tue, Feb 17, 2004 at 06:49:32PM -0500, Meng Weng Wong wrote:
On Tue, Feb 17, 2004 at 09:26:57AM -0600, mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:
| But why not focus on the really fundamental problems:  
| 
| 1) How do you propose to handle users' forwarding from .forward or
|    .qmail files (as opposed to relaying)?

.forward before: final(_at_)destination(_dot_)com
.forward after:  "|/usr/bin/srs --secret=/etc/srs.secret final(_at_)destination(_dot_)com"

What if destination.com is hosted on the same server?

This does not affect SRS at all.

Each user will handle (know?) the secrets?  

In this particular instantiation, yes. It may be possible to create an SRS
wrapper which knows the secret, but which is not readable to the user. The
user generally gains nothing from either knowing or selling the secret, so
this probably isn't important. (Since it's inevitably going to be asked:)
If the user is a spammer, then ... why do you have a spammer as a user?
Throw him off.

| 2) How do you propose to handle SRS in case of multiple incoming and
|    outgoing servers?

Each server has to know the SRS secret(s).

What if the two MX's for a domain are on two different companies'
servers?  Should they trust each other with the secrets?

If either of your company MX servers is malicious, you are in deep shit. 
If neither of them is malicious, you might as well give them the secret. 
It's not like it has particular monetary value.

So yes, all MX servers for a domain should share the same secret.

I will include some of these notes in my documentation. Thank you for the
questions.

S.

-- 
Shevek                                    http://www.anarres.org/
I am the Borg.                         http://www.gothnicity.org/
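
Added illustration of the shared-secret point in the message above (not part of the original message, and not the code of the /usr/bin/srs tool it mentions): a simplified SRS0-style rewrite in Python showing that a bounce address created on one MX can only be reversed on another MX that holds the same secret. The tag length, timestamp encoding, addresses, secrets and day numbers are constructed assumptions.

```python
import base64
import hashlib
import hmac

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # alphabet for the 2-char day stamp (assumed)


def _stamp(day: int) -> str:
    """Encode a day counter modulo 1024 as two base32 characters."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]


def _tag(secret: bytes, stamp: str, domain: str, local: str) -> str:
    """Truncated HMAC-SHA1 binding the stamp, original domain and local part."""
    msg = "".join((stamp, domain, local)).lower().encode()
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:4]


def srs_forward(sender: str, forwarder: str, secret: bytes, day: int) -> str:
    """Rewrite the envelope sender so bounces return via the forwarder."""
    local, domain = sender.rsplit("@", 1)
    stamp = _stamp(day)
    return f"SRS0={_tag(secret, stamp, domain, local)}={stamp}={domain}={local}@{forwarder}"


def srs_reverse(address: str, secret: bytes, day: int, max_age: int = 21) -> str:
    """Validate an SRS0 bounce address and return the original sender."""
    localpart, _ = address.rsplit("@", 1)
    prefix, tag, stamp, domain, local = localpart.split("=", 4)
    if prefix.upper() != "SRS0":
        raise ValueError("not an SRS0 address")
    if not hmac.compare_digest(tag.encode(), _tag(secret, stamp, domain, local).encode()):
        raise ValueError("hash mismatch: wrong secret or forged address")
    then = (B32.index(stamp[0]) << 5) | B32.index(stamp[1])
    if (day - then) % 1024 > max_age:
        raise ValueError("address expired")
    return f"{local}@{domain}"


if __name__ == "__main__":
    # Constructed sample: MX 1 rewrites on day 12466, MX 2 receives the bounce 4 days later.
    addr = srs_forward("alice@example.org", "forwarder.example", b"shared-by-both-mx", 12466)
    print(addr, "->", srs_reverse(addr, b"shared-by-both-mx", 12470))
```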