OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Content filter wants to know sender's IP
From: Brad Knowles (blkskynet.be)
Date: Mon Jun 05 2000 - 03:06:47 CDT

At 8:48 AM +0400 2000/6/5, Alexander Nosenko wrote:

> It looks like content inspection via SMTP has some security deficiencies.
> Inspector can't get access to all info MTA has collected already :-(.

        Yup. The only stuff you can really depend on is the envelope
information, and there's no way to record that in the message itself,
because it could otherwise be forged. There has to be some trusted
out-of-band communications method (such as passing more information
on the command line) that cannot be violated in this manner.

> All it
> knows is message headers (possibly forged). Besides, some evil program on
> localhost (or somewhere else, depending on firewalling) can connect to 10025
> port (or even 10026 port, what a horror ;-) and have a free run, so
> inspector can't trust even it's clients.

        Yup. Now you're starting to understand the sort of problem
Wietse is up against -- each one of his individual programs has to be
secure (or as secure as he can make them) against Trojan versions of
other programs in the family, or other programs pretending to be in
the family.

        Maximal distrust at every possible level is the only way to
guarantee maximum security. 

--
   These are my opinions -- not to be taken as official Skynet policy
======================================================================
Brad Knowles, <blkskynet.be>                || Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49             || B-1140 Brussels
http://www.skynet.be                         || Belgium