Sign mail with DKIM even if it's a local app that send the mail #947
Comments
|
Isn't this pretty important actually? |
|
Yes :s Another strategy could be to have an additional list of authorized accounts along with the LDAP accounts : https://github.com/YunoHost/yunohost/blob/unstable/data/templates/postfix/main.cf#L80 Or to create a special LDAP user for this kind of need and store its password somewhere in /etc/yunohost/ (Overall I don't know if disabling the need for authentication if a good or bad idea - maybe it's fine) |
|
Has anyone done any work on this? This would be really great to push forward for things like the Discourse reply email stuff. I suppose other apps will need it. Is there some idea in which direction to go in? |
|
My idea is to make a helper which create a user in LDAP for the app. With that we give the possibility to send the email with this user in LDAP, normally this email should be signed. |
|
Done in YunoHost/yunohost#815 |
Original Redmine Issue: 947
Author Name: ljf
With the "auth_only" directive in rmilter dkim conf, we could set it to no, to allow mail from nextcloud, wordpress etc. to be signed even if we don't register a mail account in the email configuration.
I don't like the idea to register the account (because password is stored in clear in this case).
SO I suggest to add "auth_only: no" in these template:
https://github.com/YunoHost/yunohost/blob/unstable/data/templates/rmilter/rmilter.conf#L7
https://github.com/YunoHost/yunohost/blob/unstable/data/templates/rmilter/ynh_dkim.conf#L4
The text was updated successfully, but these errors were encountered: