postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: adding digital signature to email?

Re: adding digital signature to email?

From: Mark Blackman <mark_at_nospam>
Date: Wed Oct 27 2010 - 12:21:21 GMT
To: lst_hoe02@kwsoft.de

On 27 Oct 2010, at 13:11, lst_hoe02@kwsoft.de wrote:

> Zitat von Mark Blackman <mark@exonetric.com>:
>
>> On 27 Oct 2010, at 13:02, Tomasz Chmielewski wrote:
>>
>>> Is it somehow possible to make Postfix add a digital signature to outgoing emails?
>>>
>>> Most likely Postfix itself can't do it, but maybe there is some filter (similar to amavis, or dkimproxy) which can be used with Postfix, which lets digitally sign email (i.e. if From: is X1, sign with key K1)?
>>
>> That's a job for the MUA, not the MTA. There's no fraud-proof way for postfix to know who is sending the email.
>
> If username/password with TLS is enough there are fraud-proof ways do it Postfix content-filter, if not be sure to use at least ID-cards class3 with your MUA.

You're right, of course. I was overlooking that case and thinking of the more general internal unauthenticated relay case.

I still suspect that's better done at the MUA level though, as the digital signature requires the use of a private key
which should have a passphrase that only an interactive session can ask for.

OTOH, you can imagine uses of digital signatures that are slightly less demanding than the case of an individual making
legally-binding statements.

- Mark