Hello list,

does anyone on this list know an MTA which can also act as an MDA with the following options:

- if mail for userx arrives, check if host A is up and send a signal (RPC?) to the client to fetch the mail, be it an Apple, PC or a Linux system
- automatically de-/encrypt mails. I just wondered if it is possible, because the MTA would have to send the pub.key to everyone it is sending mail to... Is that right?
- only use encrypted transfer, within a heterogeneous network with Linux clients, Apples and PCs. Would you use TLS?

It does not matter which MTA to use; I would be thankful for any tip and hint.

Thank you in advance, I hope this is not OT.

Enrico
On Thu, Jun 13, 2002 at 02:00:53PM +0100, E. Scichilone wrote:
> Hello list, does anyone on this list know an MTA which can also act as an MDA with the following options:
> - if mail for userx arrives, check if host A is up and send a signal (RPC?) to the client to fetch the mail, be it an Apple, PC or a Linux system

have a look at biff_notify/comsat service, and postfix biff = yes option. probably other MTAs can do this, too. don't know if that is what you want, though.

you could run your own "comsat" server on localhost:comsat, and dispatch the notification from there. Simple perl server will do, quick'n'dirty version: ca 50 lines. message sent to server is just udp "user@offset", so your "comsat" server could e.g. 'smbclient -M' your windows users, something similar to mac and other OSes... security: be sure to check that the "notification" dgram is in fact from your MTA and not faked (... well, and ssssst, we are at some 287 lines ...)

but won't the usual "check all ## minutes" do? If host A is not up, it won't fetch :>

And if you can not afford all the clients polling... you could install a local MTA on your "clients", and just leave it to SMTP (/TLS, if you prefer); that is what it has been designed for.

> - automatically de-/encrypt mails. I just wondered if it is possible, because the MTA would have to send the pub.key to everyone it is sending mail to... Is that right?

automatically DEcrypt? You mean your server shall know the private keys of all your users?
automatically ENcrypt? you(r MTA) will have to know the pub keys of all potential recipients.
probably I did not understand you here. maybe you can explain what (and why) you are trying to implement?

> - only use encrypted transfer, within a heterogeneous network with Linux clients, Apples and PCs. Would you use TLS?

why not? it works.
this gives only (limited depending on your config) authentication from one hop to the next and makes it very hard for sneaky snort'ers to get hold of the message content on this part of the delivery path. and no cleartext passwords, which is good, so you should use it.

[ are you /sure/ that clear text messages on the harddisks of your ]
[ clients are more secure than clear text messages on your LAN? ]

maybe POP over SSL/TLS would do the trick for you? plenty of mail clients do support this. and SMTP/TLS to send.

if you want endpoint<->endpoint authentication and encryption: you (the respective senders) have to encrypt the mail itself, no MTA could do this for you, if it could, it would not be end<->end.

> Thank you in advance, I hope this is not OT.

not sure about that one.

> Enrico

hope this helps...

Lars
--
but remember (to cite a sig from another well known list member):
"If you think, cryptography will solve your problem, then you don't understand cryptography, and you don't understand your problem."
participants (2): E. Scichilone, l.g.e@web.de
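Added example, not code from either poster: a minimal Python sketch of the "own comsat server" idea in the reply, showing the check that a notification datagram really comes from the local MTA before anything is dispatched. The loopback-only allow-list, the CLIENT_HOSTS map, the host name, the function names and the use of port 512 (the usual biff/comsat UDP port) are assumptions made for illustration.

```python
import re
import socket

# Assumption: the MTA runs on this host, so only loopback senders are trusted.
TRUSTED_SENDERS = {"127.0.0.1"}
# Hypothetical user -> client host map used to decide whom to notify.
CLIENT_HOSTS = {"userx": "hosta.example.lan"}
# "user@offset" as described in the reply. The user name may later be handed
# to a notifier command, so only a strict, bounded character set is accepted.
DGRAM_RE = re.compile(rb"\A([a-z_][a-z0-9_.-]{0,31})@([0-9]{1,19})\s*\Z")


def parse_notification(payload, sender_ip):
    """Return (user, offset, client_host), or None if the datagram is rejected."""
    if sender_ip not in TRUSTED_SENDERS:
        return None                  # not from our MTA: treat as faked
    if len(payload) > 128:
        return None                  # far longer than any real notification
    match = DGRAM_RE.match(payload)
    if match is None:
        return None                  # malformed, or carries extra characters
    user = match.group(1).decode("ascii")
    host = CLIENT_HOSTS.get(user)
    if host is None:
        return None                  # unknown user: nothing to dispatch
    return user, int(match.group(2)), host


def serve(bind_addr="127.0.0.1", port=512, notify=print):
    """Listen on loopback only and pass accepted notifications to notify()."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # Binding to loopback keeps off-host datagrams from arriving at all;
        # the sender check in parse_notification() is a second line of defence.
        sock.bind((bind_addr, port))          # port 512 needs root privileges
        while True:
            payload, (ip, _src_port) = sock.recvfrom(512)
            parsed = parse_notification(payload, ip)
            if parsed:
                notify("new mail for %s (offset %d), signal %s" % parsed)


if __name__ == "__main__":
    serve()
```

A UDP source address can be forged on a shared network, which is why the socket is bound to loopback instead of relying on the address check alone.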