Mailfilter for unknown signatures (Re: gpg --search-keys)

Albert gnupg at ml0402.albert.uni.cc
Wed Mar 24 23:22:04 CET 2004


Am Mittwoch, 24. März 2004 18:00 schrieb Thomas Sjögren:
> On Wed, Mar 24, 2004 at 05:12:23PM +0100, Albert wrote:
> > Can you tell me why
> > gpg --keyserver hkp://pgp.mit.edu --search-keys Tamara
> > works and
> > gpg --keyserver hkp://pgp.mit.edu --search-keys Albert
> > not?
>
> Albert is a pretty common name so it generates too many
> responses. Try searching using the keyid or the complete name.

Thanks,

I tried to search my own key with different search strategies :-)

I uploaded 1 new email-address with my key and after a few days I 
got a W32/Mydoom.G to this address. A 2nd address which was 
uploaded to the keyserver too at the same time, got this Mydoom 
too, while a 3rd and 4th address (daughter, friend) didn't. It was 
very strange. With 99.99% I can exclude, that the malware came from 
the only person who knew the new email-address. We both use linux 
systems. I never heard of a linux system which spreads a win-worm 
automatically and passes the firewall. So the only source are the 
keyservers. Since a mail with my from-address bounced from a user 
with the same lastname than mine, it could be that she checked her 
keys and had my address cached or whatever, although she is a 
employee of a big company, which sent me an email with "550 
Unacceptable content", so I wonder how she could spread the 
virus/worm. Maybe the reason was because my firstname starts with 
"A". It looks like, that it is unlikely that someone fetched all 
Albert-keys or is there another way to do it?

I think the only way to protect email-addresses registered at 
key-servers from spam is to accept mails with signatures only and 
make an autoresponder for the non-signed.

As a 2nd step I would like to check for encrypted mails, which are 
signed but not known locally. Any ideas how I can do this with a 
linux-mailserver?

Albert




More information about the Gnupg-users mailing list