atom feed34 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Standard Signatures
FromSent OnAttachments
Peter BurdenMar 18, 2008 5:01 am 
Gordon MessmerMar 18, 2008 8:17 am 
Harry DuncanMar 18, 2008 8:48 am 
Ben KennedyMar 18, 2008 12:00 pm 
Aidas KasparasMar 18, 2008 12:13 pm 
Harry DuncanMar 18, 2008 12:43 pm 
Harry DuncanMar 18, 2008 12:56 pm 
Norbert SchmidtMar 18, 2008 1:22 pm 
Gordon MessmerMar 18, 2008 5:55 pm 
Jerry AmundsonMar 19, 2008 9:58 am 
Gordon MessmerMar 19, 2008 11:47 am 
Harry DuncanMar 20, 2008 12:02 am 
Aidas KasparasMar 20, 2008 2:19 am 
Peter BurdenMar 20, 2008 4:03 am 
EndaMar 20, 2008 4:44 am 
Harry DuncanMar 20, 2008 4:47 am 
Gordon MessmerMar 20, 2008 9:04 am 
Peter BurdenApr 22, 2008 8:56 am 
Peter BurdenApr 22, 2008 8:57 am 
Gordon MessmerApr 23, 2008 12:22 am 
Peter BurdenApr 23, 2008 2:14 am 
Gordon MessmerApr 23, 2008 3:20 pm 
Peter BurdenApr 23, 2008 4:48 pm 
Gordon MessmerApr 23, 2008 9:27 pm 
Peter BurdenMay 12, 2008 9:06 am 
Aleksander AdamowskiMay 15, 2008 10:53 am 
Peter BurdenMay 15, 2008 3:33 pm 
Aleksander AdamowskiMay 16, 2008 2:49 am 
Peter BurdenJun 18, 2008 9:00 am 
Jeff JansenJun 18, 2008 5:45 pm 
Peter BurdenJun 19, 2008 1:56 pm 
Gordon MessmerJun 19, 2008 4:35 pm 
Jeff JansenJun 19, 2008 6:08 pm.patch
Peter BurdenJul 22, 2008 3:47 am 
Subject:Re: [courier-users] Standard Signatures
From:Peter Burden (pete@gmail.com)
Date:Mar 20, 2008 4:03:35 am
List:net.sourceforge.lists.courier-users

On 20/03/2008, Harry Duncan <usr.@gmail.com> wrote:

On Wed, Mar 19, 2008 at 6:47 PM, Gordon Messmer <yiny@eburg.com> wrote:

Jerry Amundson wrote:

But a solution to either one solves both. Basically, aren't we saying(?): 1. As a company, mandate *no* signatures on the mail client for the company account. 2. Require SMTP AUTH. 3. Globally filter such that the script uses auth info to lookup fullname, title, etc. externally 4. Add txt/html formatted signature as needed. See? Simple. ;-)

Yes, it is simple. If someone wants to do append signatures for legal or policy reasons, I wouldn't remark. However, anyone who thinks that enforcing this policy on their mail server will secure them against fraud committed by employees (giving themselves inappropriate titles) should be set straight. It won't.

HOw do you distinguish between inbound and outbound smtp? I know for instance on my setup, I can catch inbound messages with maildrop filters because they are part of the local delivery process, but how do I hook a filter into courier so that it only catches outbound smtp messages?

Thanks to everybody for all the replies to my original post. Harry's point about catching outbound messages was one that I hoped somebody could answer, also assuming I write a "maildrop" like filter, how do I capture the AUTH information associated with the message? I guess I might have to start hacking some of the "core" parts of Courier (perhaps "submit"?), this sounds like rather more work than I thought.

As far as comments about the suitability of the proposal to avoid fraud, I accept that there are plenty of ways of circumventing it, however IMHO most of these require an in-depth understanding of the operation of e-mail that most potential fraudsters would lack. [In fact I'm often surprised by the extent that the inner workings of e-mail seem such a mystery to many in IT.]

I'm not too sure about how to handle multi-part and MIME encoded mail, one idea is, rather than a standard signature at the bottom of the mail, put a standard salutation at the top (a sort of electronic equivalent of headed notepaper). Any reactions?

Harry.

_______________________________________________ courier-users mailing list cour@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users