Bug 3580

Summary: Add support for some SSL options to spamc and spamd
Product: Spamassassin
Reporter: Sidney Markowitz <sidney>
Component: spamc/spamd
Assignee: SpamAssassin Developer Mailing List <dev>
Status: NEW ---
Severity: enhancement
Priority: P5
Version: SVN Trunk (Latest Devel Version)
Target Milestone: Future
Hardware: Other
OS: other
Whiteboard:

Description Sidney Markowitz 2004-07-08 21:11:41 UTC
spamd and spamc make only minimal use of SSL, encrypting the data to protect
against eavesdropping on the network. It does not check that the host name of
the server matches the certificate that is presented, and it does not make use
of a list of trusted root certificates, which are two ways that the client can
verify that it is talking to the authorized server. It does not allow for use of
a client side certificate that would authenticate spamc to the server. OpenSSL
can support these functions, but it would require adding options to spamc and
spamd to specify their use.

The limitations in the support of SSL should be documented, along with the
suggestion that using a VPN may be a satisfactory workaround. It may be enough
to just document the lack of what we are not willing to implement.
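
Added example, not part of the original report and not spamc or spamd code: the three checks named in the description, shown with Python's ssl module (a wrapper around OpenSSL) as an encrypt-only setup beside a verifying one. The function names and gap labels are hypothetical, chosen for illustration.

```python
import ssl

def encrypt_only_client():
    """Client context with the behaviour the report describes: encryption, no peer checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate the server presents is accepted
    return ctx

def verifying_client(cafile=None, certfile=None, keyfile=None):
    """Client context that validates the chain and the host name, optionally sending a client cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # explicit list of trusted roots
    else:
        ctx.load_default_certs()                  # assumption: system trust store is acceptable
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)    # certificate that authenticates the client
    return ctx

def server_context(require_client_cert=False, client_ca=None):
    """Server context; a real deployment also needs load_cert_chain() and a client CA file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED       # handshake fails without a valid client cert
    return ctx

def missing_checks(ctx, role):
    """Return which of the checks from the description a context leaves out."""
    gaps = []
    if role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            gaps.append("no trusted-root validation")
        if not ctx.check_hostname:
            gaps.append("no hostname match")
    elif role == "server":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            gaps.append("no client certificate required")
    else:
        raise ValueError("role must be 'client' or 'server'")
    return gaps

if __name__ == "__main__":
    print(missing_checks(encrypt_only_client(), "client"))
    print(missing_checks(server_context(), "server"))
```
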
Comment 1 Daniel Quinlan 2005-03-30 01:08:42 UTC
move bug to Future milestone (previously set to Future -- I hope)