Comments on: Verifying Hashcash Tokens With Mutt Linux. GNU. Freedom. Tue, 31 Oct 2017 18:00:46 +0000 hourly 1 By: Ian McEwen Wed, 30 Mar 2011 07:08:20 +0000 May as well put them somewhere other than your blog, I suppose. And a VCS is the obvious choice for 'elsewhere'; makes patches/packaging/etc. easier.

Having done a bit more reading the spent tokens thing does make more sense (it can't be cash if you can spend things more than once!), although I've been clearing out the database for testing purposes as I'm setting everything up. Looks to be set now, though.

I've also successfully made my SpamAssassin on my mailserver understand Hashcash, and figure this is a good place to document what I needed to do: You have to tell it what at which emails you'll be receiving email or it doesn't check, even though the Hashcash plugin is enabled by default (which makes sense -- it doesn't want valid Hashcash signatures, it wants valid Hashcash signatures *for you*). This is done with the hashcash_accept option, which should be in one or the other of your SpamAssassion .cf files. It takes any number of email addresses, and makes available * and ? glob-style patterns, as well as %u for the current user.

Hope that helps someone trying to use Hashcash; thanks again for the scripts!

By: Aaron Wed, 30 Mar 2011 04:58:49 +0000 Ahh. Thanks for the updates on the tuple- I'll check that out. To answer your question about spent tokens, however, it's because you already have a copy of them in your hashcash.db. It is by design. The token was used and placed in the database, so there is no need to use it again. Just part of the protocol.

Also, I'm being bugged about putting the scripts in a public Git repository. Thoughts?

By: Ian McEwen Wed, 30 Mar 2011 04:47:39 +0000 Looks great to me -- one change I made (other than s/python/python2/ since I'm on Arch Linux!) was to change EMAILADDR into a tuple of strings, and line 33 to have 'in' rather than '=='. This makes it work when you have multiple emails, which is always nice! Even better, although I didn't want to figure it out, would be if it used the 'alternates' setting from .muttrc, where I already have a whole list of email addresses configured!

One question, probably silly: why does it only work once? If I try to open the same email a second time it indicates the token is spent. I presume this is how it's supposed to work, but why?

Thanks for a great couple of scripts! Perhaps I'll package them for Arch sometime later.