|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Content filter wants to know sender's IP
From: Alexander Nosenko (nae
titul.ru)Date: Sun Jun 04 2000 - 23:48:31 CDT
- Next message: Andrew Sweger: "Re: Content filter wants to know sender's IP"
- Previous message: Wietse Venema: "Re: RPM Packaging of the latest Snapshot"
- In reply to: Wietse Venema: "Re: Content filter wants to know sender's IP"
- Next in thread: Andrew Sweger: "Re: Content filter wants to know sender's IP"
- Next in thread: Andrew Sweger: "Re: Content filter wants to know sender's IP"
- Reply: Alexander Nosenko: "Re: Content filter wants to know sender's IP"
- Reply: Andrew Sweger: "Re: Content filter wants to know sender's IP"
- Reply: Brad Knowles: "Re: Content filter wants to know sender's IP"
- Reply: Liviu Daia: "Authenticating content filter (was: Content filter wants to know sender's IP)"
- Reply: Wietse Venema: "Re: Content filter wants to know sender's IP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----- Original Message -----
From: Wietse Venema <wietseporcupine.org>
Subject: Re: Content filter wants to know sender's IP
>> I want to filter _outgoing_ mail (on company's firewall).
>That does not change my question - why filter some not all.
I didn't state the problem clear enough, I'm afraid (sorry). I filter
everything. I just want to use in filtering rules all the data Postfix has
about it's client (IP, auth data) that inspector can't get itself.
> The way to do this is to extend the pipe mailer with more $name
> command-line expansions.
>
> There is no reliable way to make sender IP ADDRESS information
> available when the content inspector is connected to Postfix via
> SMTP. If you pass the information via message headers it can be
> forged.
...
> There is no reliable way to make all sender authentication information
> available when the content inspector is connected to Postfix via
> SMTP. If you take authentication information from message headers
> it can be forged, and you are giving too much information to recipients.
>
> Wietse
It looks like content inspection via SMTP has some security deficiencies.
Inspector can't get access to all info MTA has collected already :-(. All it
knows is message headers (possibly forged). Besides, some evil program on
localhost (or somewhere else, depending on firewalling) can connect to 10025
port (or even 10026 port, what a horror ;-) and have a free run, so
inspector can't trust even it's clients. The pipe mailer is _the secure way_
and extendable too (thanks for the idea).
Is the secure protocol to move all content inspection to another host yet
to be invented? That's another topic, of course.
Regards,
Alexander Nosenko <naetitul.ru>
--- The answer to the Great Question of Life, Universe and Everything is 42... octal or hexadecimal?
- Next message: Andrew Sweger: "Re: Content filter wants to know sender's IP"
- Previous message: Wietse Venema: "Re: RPM Packaging of the latest Snapshot"
- In reply to: Wietse Venema: "Re: Content filter wants to know sender's IP"
- Next in thread: Andrew Sweger: "Re: Content filter wants to know sender's IP"
- Next in thread: Andrew Sweger: "Re: Content filter wants to know sender's IP"
- Reply: Alexander Nosenko: "Re: Content filter wants to know sender's IP"
- Reply: Andrew Sweger: "Re: Content filter wants to know sender's IP"
- Reply: Brad Knowles: "Re: Content filter wants to know sender's IP"
- Reply: Liviu Daia: "Authenticating content filter (was: Content filter wants to know sender's IP)"
- Reply: Wietse Venema: "Re: Content filter wants to know sender's IP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]