Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re^4: Postfix: Piping an email into a PERL script

by Zzenmonk (Sexton)
on Apr 26, 2013 at 15:34 UTC ( #1030860=note: print w/replies, xml ) Need Help??


in reply to Re^3: Postfix: Piping an email into a PERL script
in thread Postfix: Piping an email into a PERL script

Indeed! And I do not know how to protect a mail server from faked headers! I mean you can just telnet the port 25 of a MTA and write whatever you want. Mail is a risk, remains a risk and will always remain a risk.

The best medicine against depression is a cold beer!
  • Comment on Re^4: Postfix: Piping an email into a PERL script

Replies are listed 'Best First'.
Re^5: Postfix: Piping an email into a PERL script
by MidLifeXis (Monsignor) on Apr 26, 2013 at 15:42 UTC

    Since the transport is insecure, armor the message. See gpg (or the like) as one possible way to assist. It could be set up so that only a validly signed message from an allowed user can pass through.

    I am not saying you have to go this route, just pointing out some weaknesses in the area of security, and this will probably be the last I say on this particular thread.

    --MidLifeXis

      Unless I am wrong, gpg protects the content of the mail, the so called body not the header sometimes called the envelope. Accordingly all header fields can be spoofed. Just imagine I spoof the Reply To: field of a mail. Depending on the case, you would respond to me and not to the sender of the email. Gpg will not protect you against this. It will just prevent me to read the message.

      My best knowledge of this matter is: IPV6 is designed to protect email traffic. It supports encryption and certificates at protocol layer level. Unfortunately the only implementation of IPV6 I have seen until now are at Internet-backbone level. Most of the mail server still use IPV4 and do not implement encryption and certificates for a simple reason: you partially close your inbox if you do and so you might miss some emails of potential clients.

      The best medicine against depression is a cold beer!
        No, GPG does more than that.

        By using public/private keys, GPG is able to tell who the message is actually from (assuming private keys were not stolen). The incoming message would be signed (encryption of the message isn't necessary) by the user's private key, and you'd then use that person's public key to verify that it was actually sent by that person.

        Thus, by using GPG, you don't need to implicitly trust the headers, you can verify if the header has been spoofed or not.

        -Scott

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1030860]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (4)
As of 2022-01-26 17:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (69 votes). Check out past polls.

    Notices?