Discussion of advanced signing decision making

From: Todd Lyons <tlyons_at_ivenue.com>
Date: Wed, 27 Oct 2010 11:45:44 -0700

I think that the combination of KeyTable and SigningTable and LUA and
MTA macros provide all the tools I need to do this, but the specifics
of how to do it are not something I've had to delve into yet.
Basically I have this scenario in mind:

1. Cluster of mail servers on 10.2.1.0/24
2. Webmail servers on 10.2.2.0/24

The cluster of mail servers handles both smtp auth and webmail users
sending. It needs to be able to make the decision:
1. Always sign for webmail users if a key exists and if mail is coming
from 10.2.2.0/24, never verify.
2. Always sign for smtp auth users if mail is authenticated, and use
the envelope sender to generate the signing domain, never verify.
3. Never sign email for forwarded email, but always verify inbound email.

The complicated part is that the same set of mail servers must make a
signing decision based on auth, source ip, and whether to use the From
sender or envelope sender. It was easy in exim, but I'm having a hard
time wrapping my head around it in a sendmail application.

Note that this is NOT the way I have my system configured currently.
Currently, smtp auth is one bank of mail servers, smtp forwarders and
local delivery is another bank of mail servers, and webmail is a third
bank of mail servers. So the physical segmentation takes care of
configuration differences.

I guess basically I would just like some guidance about how to
implement this in LUA, which is what I expect will be the ultimate
solution.
-- 
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurelius
Received on Wed Oct 27 2010 - 18:45:55 PST
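The decision logic asked about above, written as an OpenDKIM Lua "setup" script (this is an added example, not code from the original post or from the OpenDKIM project). It assumes the odkim.* functions documented in opendkim-lua(3), that sendmail exports the {client_addr} and {auth_authen} macros to the milter, and a hypothetical KeyTable layout in which each entry is named after its signing domain.

```lua
-- Added example: OpenDKIM Lua setup script for the three cases above.
-- Assumes odkim.* from opendkim-lua(3), sendmail exporting {client_addr}
-- and {auth_authen} to the milter, and KeyTable entries named after the
-- signing domain (hypothetical layout). "ctx" is the global context
-- OpenDKIM hands to the setup script.

local WEBMAIL_NET = "^10%.2%.2%."          -- 10.2.2.0/24 as a Lua pattern

-- Extract the domain part of an address such as "<user@example.com>".
local function domain_of(addr)
  if addr == nil then return nil end
  local d = string.match(addr, "@([^>%s]+)")
  return d and string.lower(d) or nil
end

-- Request a signature with the key named after the domain. When no
-- KeyTable entry exists, log it and leave the message unsigned; in the
-- signing cases the message is never verified.
local function sign_for(ctx, domain, why)
  if domain == nil then
    odkim.log(ctx, "no sender domain for " .. why .. "; not signing")
    return
  end
  -- odkim.sign returns 1 when the key name is known and signing was queued.
  if odkim.sign(ctx, domain) ~= 1 then
    odkim.log(ctx, "no key for " .. domain .. " (" .. why .. "); not signing")
  end
end

local client_ip = odkim.get_mtasymbol(ctx, "{client_addr}")
local auth_user = odkim.get_mtasymbol(ctx, "{auth_authen}")

if client_ip ~= nil and string.find(client_ip, WEBMAIL_NET) then
  -- Case 1: webmail cluster. Sign on the From: domain, never verify.
  sign_for(ctx, odkim.get_fromdomain(ctx), "webmail")
elseif auth_user ~= nil and auth_user ~= "" then
  -- Case 2: SMTP AUTH. Sign on the envelope sender domain, never verify.
  sign_for(ctx, domain_of(odkim.get_envfrom(ctx)), "smtp auth")
else
  -- Case 3: everything else (inbound and forwarded mail): verify only.
  odkim.verify(ctx)
end

return nil
```

Point OpenDKIM at the file with the SetupPolicyScript option; the {auth_authen} macro is only visible to the milter if it is listed in sendmail's confMILTER_MACROS_ENVFROM.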