
devel - Re: [sympa-dev] Authentication with e-mail address

Subject: Developers of Sympa

  • From: address@concealed
  • To: Dick Visser <address@concealed>
  • Cc: address@concealed
  • Subject: Re: [sympa-dev] Authentication with e-mail address
  • Date: Wed, 30 Aug 2006 12:03:55 +0200

Dick Visser wrote:

Serge Aumont wrote:

The From: header is used. We should say "identification", not "authentication", because it is really not secure information, and the listmaster can decide to use an authorization scenario that always requires a stronger authentication.

Or the Envelope-From address?

And what if they both exist and are different?


The envelope-From is ignored, unless the Return-Path header is tested in a scenario (usually not used).


So using sympa does not protect me from being spammed as well.

All mailing list servers use the From: header, but Sympa does not trust this header in a hard-coded way. Sympa scenarios allow you to test any header in the authorization/authentication process. So you can request user authentication by email challenge or S/MIME signature.

Would it be difficult to apply SPF checks to the From: header address?
Since sympa is written in perl you could also use SPF::Query I guess.

SPF is based on the remote MTA IP, so SPF verification MUST be performed by the MX of the receiving domain. Once the message is relayed inside your domain, SPF can't be verified anymore. If you are using a milter for sendmail on your MX, the message will be tagged by the milter with a specific custom header, and this header can be tested by other applications. Sympa authorization and authentication scenarios can do it right now because any header can be tested. You can probably do the same with postfix, exim, qmail...

DKIM is based on a signature added by the remote MTA. DKIM can be checked even after the message has been relayed. We already check DK signatures on our incoming MTA, and Sympa can test the DKIM status in an SMTP header. We plan to add DKIM verification directly in Sympa; it would become an authentication method in Sympa scenarios. DKIM integration in a mailing service is rather complex and first needs DKIM to become more standard and stable.

Serge
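
The header test described in this message, sketched as an added example (not part of the original message and not Sympa code): the From: address only identifies the sender, and a result header stamped by the receiving MX decides between accepting and falling back to an email challenge. The header name `X-MX-SPF-Result`, the addresses and the `classify`/`build`/`domain` helpers are assumptions; the example also goes one step beyond the thread by requiring the Return-Path domain to match the From: domain, since SPF validates the envelope sender rather than the From: header.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical name of the header the SPF milter on the receiving MX adds.
SPF_HEADER = "X-MX-SPF-Result"

def domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()

def classify(raw: str) -> tuple:
    """Return (identified sender, action) for one relayed message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()      # identification only
    envelope = parseaddr(msg.get("Return-Path", ""))[1]     # envelope sender
    stamps = [v.strip().lower() for v in msg.get_all(SPF_HEADER, [])]
    # Assumption: the MX strips inbound copies of SPF_HEADER before stamping,
    # so exactly one value is expected. Zero (never crossed the MX) or several
    # (a sender-supplied copy survived) means the result cannot be trusted.
    spf = stamps[0] if len(stamps) == 1 else "untrusted"
    if "@" not in sender:
        return sender, "reject"
    # SPF vouches for the envelope domain, so it supports the From: address
    # only when both domains are the same.
    if spf == "pass" and domain(envelope) == domain(sender):
        return sender, "accept"
    return sender, "challenge"   # e.g. email challenge or S/MIME signature

def build(from_: str, return_path: str, stamps: list) -> str:
    """Construct a sample message (constructed data, not a real capture)."""
    head = [f"Return-Path: {return_path}"]
    head += [f"{SPF_HEADER}: {s}" for s in stamps]
    head += [f"From: {from_}", "To: list@lists.example.org", "Subject: test"]
    return "\n".join(head) + "\n\nbody\n"

if __name__ == "__main__":
    alice = "Alice <alice@example.org>"
    for rp, stamps in [("<alice@example.org>", ["pass"]),
                       ("<bounce@mailer.example.net>", ["pass"]),
                       ("<alice@example.org>", ["pass", "fail"]),
                       ("<alice@example.org>", [])]:
        print(rp, stamps, classify(build(alice, rp, stamps)))
```
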


