spf-discuss
[Top] [All Lists]

RE: Updates on SRS crypto

2004-02-23 16:32:09
mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:
On Fri, Feb 20, 2004 at 04:52:28PM -0600, Dustin D. Trammell wrote:
I'm not developing a qmail SRS implementation, but I do use qmail,
so perhaps I can try to shed some light on this.  From what I
understand of SRS, I would think that it would be handled somewhere
around qmail-queue, not qmail-local.

qmail-queue has no idea if the message is remote or not; it is
qmail-send which decides if the message is remote or local.  I guess
making the secret file readable to the qmails user only (qmail-send is
run as qmails), one could modify qmail-send to do srs.  In fact, it
seems the only way to handle srs would be by qmail-send, since
qmail-send prepends every message to a virtualdomain by a
string---destroying srs bounces that are supposed to start with the
string SRS.

Ah, there you go, that's where I was going with that thought.  If
qmail-send were performing the SRS translations, then only the qmails
user would require access to the secret.

---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.


<Prev in Thread] Current Thread [Next in Thread>