Subject: Authenticating content filter (was: Content filter wants to know sender's IP)
From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Mon Jun 05 2000 - 04:07:26 CDT


On 5 June 2000, Alexander Nosenko <naetitul.ru> wrote:
[...]
> Besides, some evil program on localhost (or somewhere else, depending
> on firewalling) can connect to 10025 port (or even 10026 port, what
> a horror ;-) and have a free run, so inspector can't trust even its
> clients. The pipe mailer is _the secure way_ and extendable too
> (thanks for the idea). Is the secure protocol to move all content
> inspection to another host yet to be invented? That's another topic,
> of course.

    Well, the filter has no reason to accept connections from the
outside world, so the 10025 part can be made relatively safe by only
accepting connections from localhost (it would still be subject to TCP
spoofing). The problem is the 10026 loopback: you can't play games à
la tcpwrappers with it, and it has to ignore any SMTP restrictions or
you might run into loops. The natural approach here would be to use
some sort of cryptographic challenge between port 10025 and port 10026,
but making Postfix keep track of challenges and answers would be a huge
burden, for very little reward. So the next natural thing to try would
be to make Postfix authenticate against the filter, and the filter
authenticate back against Postfix (and refuse the connection if any of
the authentication checks fails). To that purpose, we may, of course,
come up with our own protocol etc. etc., or we may use an existing one,
like SMTP AUTH. The latter option has the advantage that it needs only a
minor change to Postfix code, but it requires the filter to know how
to authenticate, with both the client and the server sides. Again,
Cyrus SASL would be the natural candidate for that task. Writing Perl
bindings to it would be rather boring, but straightforward.

    Regards,

    Liviu Daia

-- 
Dr. Liviu Daia               e-mail:   Liviu.Daiaimar.ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc