Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] MTA with options
On Thu, Jun 13, 2002 at 02:00:53PM +0100, E. Scichilone wrote:
> Hello list,
> does anyone on this list know an MTA which can also act as an MDA with
> the following options:

> - if mail for userx arrives, check, if host A is up and send a signal
> (RPC ?) to the client to fetch the mail, be it an Apple, PC or a
> Linux system

have a look at biff_notify/comsat service, and postfix biff = yes option.
probably other MTAs can do this, too.

don't know if that is what you want, though. you could run your own
"comsat" server on localhost:comsat, and dispatch the notification from
there. Simple perl server will do, quick'n'dirty version: ca 50 lines.
message sent to server is just udp "user@offset", so your "comsat"
server could e.g. 'smbclient -M' your windows users, something similar
to mac and other OSes...

security: be sure to check that the "notification" dgram is in fact from
your MTA and not faked
(... well, and ssssst, we are at some 287 lines ...)

but won't the usual "check all ## minutes" do?
If host A is not up, it won't fetch :>

And if you can not afford all the clients polling... you could install a
local MTA on your "clients", and just leave it to SMTP (/TLS, if you prefer);
that is what it has been designed for.

> - automatically de-/encrypt mails. I just wondered, if it is
> possible, because the MTA would have to send the pub.key to everyone
> it is sending mail to... Is that right?
automatically DEcrypt? You mean your server shall know the private keys
of all your users?
automatically ENcrypt? you(r MTA) will have to know the pub keys of all
potential recipients.

probably I did not understand you here.
maybe you can explain what (and why) you are trying to implement?

> - only use encrypted transfer, within a heterogeneous network with
> Linux-clients, Apples and PC's. Would you use TLS?
why not? it works.
this gives only (limited depending on your config) authentication from
one hop to the next and makes it very hard for sneaky snort'ers to get
hold of the message content on this part of the delivery path.
and no cleartext passwords, which is good, so you should use it.

[ are you /sure/ that clear text messages on the harddisks of your ]
[ clients are more secure than clear text messages on your LAN? ]

maybe POP over SSL/TLS would do the trick for you? plenty mail clients do
support this. and SMTP/TLS to send.

if you want endpoint<->endpoint authentication and encryption: you
(the respective senders) have to encrypt the mail itself, no MTA could
do this for you, if it could, it was not end<->end.

> Thank you in advance, I hope this is not OT.
not sure about that one.

> Enrico

hope this helps...

but remember (to cite a sig from another well known list member):
"If you think, cryptography will solve your problem, then you don't
understand cryptography, and you don't understand your problem."
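
Added example, not part of the original mail or of any project mentioned in it: a minimal Python sketch of the home-grown "comsat" listener described above, showing the source check and strict parsing of the "user@offset" datagram before anything is dispatched. The port 10512, the allowed-source set, the size cap and the function names are assumptions made for illustration.

```python
import socket

ALLOWED_SOURCES = {"127.0.0.1"}  # assumption: the MTA runs on this same host
MAX_DGRAM = 512                  # assumption: generous cap for "user@offset"

def parse_biff(payload: bytes):
    """Return (user, offset) for a well-formed 'user@offset' datagram, else None."""
    try:
        text = payload.decode("ascii").strip()
    except UnicodeDecodeError:
        return None
    user, sep, offset = text.rpartition("@")
    if not sep or not user or not offset.isdigit():
        return None
    # Allow only a conservative character set: the user name will later be
    # handed to a notifier (e.g. as a command argument), so nothing that a
    # shell or another tool could reinterpret gets through.
    if not all(c.isalnum() or c in "._-" for c in user):
        return None
    return user, int(offset)

def accept(payload: bytes, peer):
    """Source check first, then size and format. peer is (ip, port)."""
    if peer[0] not in ALLOWED_SOURCES:
        return None
    if len(payload) > MAX_DGRAM:
        return None
    return parse_biff(payload)

def serve(host="127.0.0.1", port=10512, handler=print):
    """Bind to loopback only, so remote hosts cannot reach the socket at all.

    The real comsat service is 512/udp; 10512 is a constructed unprivileged
    port for this sketch. The loopback check does not distinguish the MTA
    from other local users, who can also send datagrams from 127.0.0.1.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        while True:
            payload, peer = s.recvfrom(MAX_DGRAM + 1)
            note = accept(payload, peer)
            if note is not None:
                handler(note)  # dispatch point for per-client notification

if __name__ == "__main__":
    serve()
```
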
