OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Content filter wants to know sender's IP
From: Alexander Nosenko (naetitul.ru)
Date: Mon Jun 05 2000 - 02:09:27 CDT

----- Original Message -----
From: Andrew Sweger <andyn2h2.com>
> > ... some evil program on
> > localhost (or somewhere else, depending on firewalling) can connect to
10025
> > port (or even 10026 port, what a horror ;-)
>
> Oh, come on. That's what ipchains is for. Or a DMZ in a properly
> configured firewall.

Shure, ipchains can distinguish trusted and untrusted processes on
localhost... if we want to be a bit paranoid about mail security, we can't
rely on some external benevolent tool to do security checks.
Besides: one more conf file to fix, one more subsystem interdependancy, N++
more possible holes and chances for mistakes. It's an old recipe: first,
invent unsecure protocol (i.e. SMTP or plaintext remote login), second,
invent ad-hoc security wrapper (i.e. POP-before-SMTP auth), make it all
de-facto standart and cook until ready.
Real point is: how can mail subsystem processes spread over network share
security-sensitive data about messages? Pipes are secure but local, SMTP is
netty but insecure, SSL is slow... and any other ideas coming to me is too
complex (I'm not a security expert, through).

Regards,
Alexander Nosenko <naetitul.ru> 

---
If  2 * 2 = 3.978  it's a bug.
If  2 * 2 = 5  it's a feature.
If  2 * 2 = 4  it's a user's manual.