Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re^3: Postfix: Piping an email into a PERL script

by MidLifeXis (Monsignor)
on Apr 26, 2013 at 15:26 UTC ( #1030855=note: print w/replies, xml ) Need Help??


in reply to Re^2: Postfix: Piping an email into a PERL script
in thread Postfix: Piping an email into a PERL script

Is there a need to protect against internal users spoofing this? It is quite easy to speak SMTP.

--MidLifeXis

  • Comment on Re^3: Postfix: Piping an email into a PERL script

Replies are listed 'Best First'.
Re^4: Postfix: Piping an email into a PERL script
by Zzenmonk (Sexton) on Apr 26, 2013 at 15:34 UTC

    Indeed! And I do not know how to protect a mail server from faked headers! I mean you can just telnet the port 25 of a MTA and write whatever you want. Mail is a risk, remains a risk and will always remain a risk.

    The best medicine against depression is a cold beer!

      Since the transport is insecure, armor the message. See gpg (or the like) as one possible way to assist. It could be set up so that only a validly signed message from an allowed user can pass through.

      I am not saying you have to go this route, just pointing out some weaknesses in the area of security, and this will probably be the last I say on this particular thread.

      --MidLifeXis

        Unless I am wrong, gpg protects the content of the mail, the so called body not the header sometimes called the envelope. Accordingly all header fields can be spoofed. Just imagine I spoof the Reply To: field of a mail. Depending on the case, you would respond to me and not to the sender of the email. Gpg will not protect you against this. It will just prevent me to read the message.

        My best knowledge of this matter is: IPV6 is designed to protect email traffic. It supports encryption and certificates at protocol layer level. Unfortunately the only implementation of IPV6 I have seen until now are at Internet-backbone level. Most of the mail server still use IPV4 and do not implement encryption and certificates for a simple reason: you partially close your inbox if you do and so you might miss some emails of potential clients.

        The best medicine against depression is a cold beer!

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1030855]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (7)
As of 2022-01-26 16:28 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (69 votes). Check out past polls.

    Notices?