General
cancel
Showing results for 
Search instead for 
Did you mean: 

Using Sendmail to digitally sign email

Randall Harvey
Trusted Contributor

Using Sendmail to digitally sign email

I am looking for suggestions on a new requirement we're attempting to fulfill related to sending emails out of an application hosted on HP-UX which is using Sendmail to then relate emails to an Exchange Bridgehead.  Our customer is requiring us to attach a Digital Signature to every outbound email to provide non-repudiation.  Does anyone have suggestions of how this would be accomplished?

1 REPLY
Matti_Kurkela
Honored Contributor

Re: Using Sendmail to digitally sign email

First, you might want to ask the customer which type of Digital Signature would be preferred. If the customer is already using some type of digital signatures with some other application, using the same type would be beneficial, since the users should already be aware of that type of signature.

 

If this is for anti-spam/anti-spoofing purposes, DKIM would be an appropriate MTA-level technology. See:

http://www.sendmail.org/dkim/friendlyOverview

 

For other purposes, S/MIME or PGP might be appropriate, but ordinarily they require MUA-level operations, so you might have to modify the email sending process of your HP-UX application.

 

If that is not possible, the ultimate workaround would be to have the application send the messages to a local HP-UX mail account, which would then have procmail or similar set up to sign the messages and forward them to their destination. (You would need to make sure the forwarding account will forward only the messages received from the intended application; otherwise the system will be trivial to abuse.)

MK