Mailfilter for unknown signatures (Re: gpg --search-keys)

Thomas Sjögren thomas at
Sun Mar 28 21:56:03 CEST 2004

On Thu, Mar 25, 2004 at 01:54:41AM +0100, Albert wrote:
> I think it is very unlikely to spread win-viruses with linux 
> machines.

Well, yes, win-viruses/worms doesnt work on linux machines but i was
talking more generally. since linux has become more and more of a
desktop-os, malware will start to hit the end-users sooner or later. 
we've already seen a couple of worms attacking and gaining root on  servers.
See for more info.

> It depends on your email-strategies and on your _personal_ needs. 
> Why shouldn't one use an email-address for signed/encrypted mails 
> _only_? 

Personally, i dont like to fiddle around with more email-addresses than
necessary. If people like a setup with two addresses, one
for signed/encrypted mails and one for "normal" mails, it's of course up
to them.

> I think the first filter I can setup at a freemailer like gmx, where 
> I check for "application/pgp-signature" in the header, so unsigned 
> emails are deleted there without downloading. Maybe I belong to the 
> people who have no real security needs, but think where everything 
> is monitored and manipulated, using gpg shouldn't be wrong.
> The next step after the redirection to a freemailer are the local 
> filters.

If we're talking about a scenario wheres "everything is monitored",
sending mail thru various freemailers might not be such a good idea. The
more servers a mail is sent thru the more is the risk of someone
actually monitoring it. sure, this does not include the risk of the
message getting picked up by a signals intelligence system like Echelon.

> qpopper is also setup. So the users clients get their mails via a 
> local POP3-server, using KMail and mails are stored there in 
> maildir-format. At the end a valid email has to be forwared to the 
> default mailbox in /var/spool/mail and maybe the user should get a 
> note that an encrypted email from X was deleted.

i would put the encrypted mail in quarantine instead, maybe the system
got some flaws in it? 

> The mail doesn't contain a key-ID, so I have to check if the 
> email-address can be found in my local keys, or am I wrong?
> Using grep I should be able to get the from-address and with 
> gpg --list-keys <email-address> I can check the public keys, the 
> program mail could be used to inform of a deleted email.

Yes, that would work.

> I don't use it, but why are they broken? I know that 
> shows a wrong fingerprint with my key, but with 
> it is ok.

wrong fingerprint? thats pretty serious imo.
the reason i told you is that they dont support subkeys.

== thomas at | thomas at
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040328/170e381b/attachment-0001.bin

More information about the Gnupg-users mailing list