Subject: The mailing list for listmasters using Sympa
List archive
- From: Steve Shipway <address@concealed>
- To: "address@concealed" <address@concealed>
- Cc: Menkens Olaf <address@concealed>
- Subject: RE: [sympa-users] Sympa and S/MIME
- Date: Tue, 25 Sep 2012 21:45:20 +0000
> - as far as I understand the idea of signing, the list should not sign
> mails itself, but the sender should sign the mail and the list just
> must not modify its contents. Distributing signed mails is usually no
> problem even without special S/MIME configuration of the list.
I have this much working fine, since I installed the necessary certs in the
CA dir and rehashed it.
The Sympa 6.1.11 seems to sign messages from the list admin (moderation
notifications etc) but not messages being passed via the list, even if
initially unsigned. I was hoping to get messages signed by the list cert in
order to add some verification to the postings on official announcement
lists...
The signing only seems to work if I add the -nodetach option to openssl, so
that it is a pure signed message. Reading up on openssl, this seems to be a
'fault' of openssl being strict to the RFC with respect to \r\n line
terminators, whereas exchange/outlook are not and so generated signatures
fail. I can find no workaround for this (the -binary option does not work
either).
> - mail encryption did not work with sympa 6.1.7 out of the box. I sent
> some patches to the sympa-users list on 16.12.2011. I didn't check,
> whether they were included in the current release. As an alternative it
> was possible to use the mail.pm module from sympa 6.2 sources.
I'll check this out. Mail encryption produces an 'internal error' for me
that Im still trying to track down. I'd rather not modify the distributed
source too much if at all possible though.
The Sympa documentation is very, very sparse on this subject, sadly. Many
things (such as having two certs for a list, one for signing and one for
encryption) I only found out by reading the code... also how to install the
list public cert into outlook in order to send encrypted emails was not
simple!
There is some strange behaviour in smime_sign that looks in list_data/sympa
for a certificate when signing a moderator notification, rather than in
list_data/$robot/$list. I think it may be trying to find a certificate for
Sympa itself?
Steve
Steve Shipway
ITS Unix Services Design Lead
University of Auckland, New Zealand
Floor 1, 58 Symonds Street, Auckland
Phone: +64 (0)9 3737599 ext 86487
DDI: +64 (0)9 924 6487
Mobile: +64 (0)21 753 189
Email: address@concealed
Please consider the environment before printing this e-mail
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
-
[sympa-users] Sympa and S/MIME,
Steve Shipway, 09/24/2012
-
Re: [sympa-users] Sympa and S/MIME,
Steve Shipway, 09/24/2012
-
Message not available
- RE: [sympa-users] Sympa and S/MIME, Steve Shipway, 09/25/2012
-
Message not available
-
Message not available
-
RE: [sympa-users] Sympa and S/MIME,
Steve Shipway, 09/27/2012
- Re: [sympa-users] Sympa and S/MIME, Olaf Menkens, 09/28/2012
-
RE: [sympa-users] Sympa and S/MIME,
Steve Shipway, 09/27/2012
-
Re: [sympa-users] Sympa and S/MIME,
Steve Shipway, 09/24/2012
Archive powered by MHonArc 2.6.19+.