NTACurrent en:Header Authentication

Aus Cryptshare Documentation
Version vom 7. März 2022, 09:25 Uhr von imported>Erhardts (Adapted headings and line breaks)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu:Navigation, Suche

Overview

Header Authentication is an additional mechanism to prevent unauthorised parties from using the Cryptshare Mail Gateway as a relay to send emails to any domain (open relay). With enabled Header Authentication, all messages coming from trusted hosts will need to have a certain header value, otherwise they are discarded.

Header Authentication can be enabled during the initial setup. This page describes how to configure it at a later time.

Configuration Steps

  1. Open /opt/cryptshare-mail-gateway/smtp-filter/config.properties in an editor.
  2. To specify the name of the required header, change the value of app.smtp.auth.header.name. Otherwise the default value "X-CS-AuthenticationKey" is used.
app.smtp.auth.header.name = X-MyAuthenticationHeader
  1. To enable Header Authentication and specify the expected value of the header, change the value of app.smtp.auth.header.value. If you leave it empty or the line is commented out, Header Authentication will be disabled.
app.smtp.auth.header.value = my-expected-header-value
  1. Save the file.
  2. Restart the cmg-filter service:
systemctl restart cmg.filter
Please note that this header is removed by the Cryptshare Mail Gateway, so that the (confidential) value of the header isn't made public. Do no specify any header that is required to remain in the message as authentication header.