How to implement signature (using alertMIME) and signing
pandu at poluan.info
Tue Dec 20 19:46:42 CET 2011
On Dec 20, 2011 9:34 AM, "Pandu Poluan" <pandu at poluan.info> wrote:
> On Dec 20, 2011 3:21 AM, "Noel Jones" <njones at megan.vbhcs.org> wrote:
> > On 12/18/2011 11:18 PM, Pandu Poluan wrote:
> > > Hello list,
> > >
> > > I'm planning to implement a 'signing' mail server, i.e., a mail
> > > server that adds a signature (disclaimer, actually) plus DKIM
> > >
> > > The latter I know can be performed by amavis, while the former
> > > performed by alertMIME.
> > >
> > > The issue that makes this complicated is that I also want to utilize
> > > greylisting (using Postfix's postscreen) and spamfiltering (just in
> > > case the external accounts got cracked).
> > >
> > > I'm guessing the order of processing would be:
> > >
> > > 1. TLS
> > > 2. postscreen greylisting
> > DO NOT use postscreen or greylisting on authorized external mail.
> > To protect against cracked accounts, use postfwd or policyd to
> > implement rate limits.
> Hmmm... okay I can imagine some situations where greylisting can
introduce problems... thanks for the warning!
> postfwd? Okay, this is the first time I heard about that... any docs?
> And about policyd... Gentoo (the distro I'm using) doesn't seem to have
the latest major version...
> > > 3. spamfiltering
> > The usefulness of spam filtering on authorized external mail is
> > debatable, so decide for yourself if you really need it.
> Well, some of the external accounts are using Gmail (configured to "send
as" corporate account and through the corporate SMTP server). If the Gmail
users ever got phished, I'd want to block their emails.
> Plus, I want to use amavis's "pen pal" feature.
> > But virus scanning is a good idea. Again, rate limits are a better
> > defense.
> > Both virus and spam scanning are already handled by amavisd-new.
> > > 4. disclaimer append
> > > 5. DKIM sign
> > Disclaimers and DKIM signing can be done in amavisd-new, and much
> > easier than implementing them separately. Doing them in amavisd-new
> > eliminates the question of "order", since it's handled correctly for
> > you.
> Honestly, that's news to me; I've been reading up on amavisd-new for the
past two weeks and can't recall ever seeing that amavis can append
disclaimers. Care to point to some howto's?
> Anyways, thank you very much for the pointers. Much appreciated!
Aah, okay, I think I found some pointers:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the amavis-users