Mercurial > docs > diploma
comparison thesis/tex/4-MasqmailsFuture.tex @ 172:5c873e6478ef
wrote about encryption
| author | meillo@marmaro.de |
|---|---|
| date | Mon, 22 Dec 2008 20:42:33 +0100 |
| parents | 204683bfb4e7 |
| children | c51f1be54224 |
comparison
equal
deleted
inserted
replaced
| 171:9415e41e765e | 172:5c873e6478ef |
|---|---|
| 191 \item a different local user (e.g.\ ``\texttt{bob: alice}'') | 191 \item a different local user (e.g.\ ``\texttt{bob: alice}'') |
| 192 \item a remote user (e.g.\ ``\texttt{bob: john@example.com}'') | 192 \item a remote user (e.g.\ ``\texttt{bob: john@example.com}'') |
| 193 \item a list of users (e.g.\ ``\texttt{bob: alice, john@example.com}'') | 193 \item a list of users (e.g.\ ``\texttt{bob: alice, john@example.com}'') |
| 194 \item a command (e.g.\ ``\texttt{bob: |foo}'') | 194 \item a command (e.g.\ ``\texttt{bob: |foo}'') |
| 195 \end{itemize} | 195 \end{itemize} |
| 196 Aliases can be cascaded like in the following example: | |
| 197 \begin{verbatim} | |
| 198 team: alice, bob | |
| 199 bob: bob@example.com | |
| 200 \end{verbatim} | |
| 201 | |
| 202 Addresses expanding to lists of users lead to more envelopes. Aliases changing the reciptients domain part may require a different route to use. | 196 Addresses expanding to lists of users lead to more envelopes. Aliases changing the reciptients domain part may require a different route to use. |
| 203 | 197 |
| 204 Aliasing is often handled in expanding the alias and reinjecting the mail into the system. Unfortunately, the mail is processed twice using this approach; also does the system need to handle more mail this way. Is it needed to check the new recipient address for acceptance, or should it be accepted generally? (The aliase actually came from inside the system.) A second point for access control seems to be no choice. | 198 Aliasing is often handled in expanding the alias and reinjecting the mail into the system. Unfortunately, the mail is processed twice then; additionally does the system have to handle more mail this way. If it is wanted to check the new recipient address for acceptance and do all processing again, then reinjecting it is the best choice. |
| 205 | 199 |
| 206 | 200 |
| 207 | 201 |
| 208 \subsubsection*{Authentication} | 202 \subsubsection*{Authentication} |
| 209 | 203 |
| 240 | 234 |
| 241 | 235 |
| 242 | 236 |
| 243 \subsubsection*{Encryption} | 237 \subsubsection*{Encryption} |
| 244 | 238 |
| 245 TLS/SSL prevents attackers to listen on the cable | 239 Electronic mail is very weak to sniffing attacks, because all data transfer is unencrypted. This concerns the message's content, as well as the email addresses in header and envelope, but also authentication dialogs that may transfer plain text passwords (\NAME{PLAIN} and \NAME{LOGIN} are examples). Adding encryption is therefor wanted. |
| 246 but it does not prevent man-in-the-middle attacks | 240 |
| 247 signed certificates help here | 241 The common way to encrypt \SMTP\ dialogs is using \name{Transport Layer Security} (short: \TLS, successor of \NAME{SSL}). \TLS\ encrypts the datagrams of the \name{transport layer}. This means it works below the application protocols and can be used by any of them\citeweb{wikipedia:tls}. |
| 248 | 242 |
| 249 | 243 \TLS\ allows to create secure tunnels through which arbitrary programs can communicate. Hence one can add secure communication afterwards to programs without changing them. \name{OpenSSL} for example---a free implementation---allows traffic to be piped into a command; a secure tunnel is created and the traffic is forwarded through it. Or a secure tunnel can be set up between a local and a remote port; this tunnel can then be used by any application. |
| 250 ch /usr/share/ssl/misc | 244 |
| 251 | 245 The \NAME{POP} protocol, for example, is good suited for such tunneling, but \SMTP\ is is not generally. Outgoing \SMTP\ client connections can be tunneled without problem---\masqmail\ already provides a configure option called \texttt{wrapper} to do so. Tunneling incomming connections to a server leads to problems with \SMTP. As data comes encrypted through the tunnel to the receiving host and gets then decrypted and forwarded on local to the port the application listens on. From the \MTA's view, this makes all connections appear to come from localhost, unfortunately. Figure \ref{fig:stunnel} depicts the data flow. |
| 252 create new CA: | 246 |
| 253 \begin{verbatim} | 247 \begin{figure} |
| 254 CA.pl -newca | 248 \begin{center} |
| 255 country: DE | 249 \input{input/stunnel.tex} |
| 256 state: schwaben | 250 \end{center} |
| 257 city: Ulm | 251 \caption{Data flow using \name{stunnel}} |
| 258 company: | 252 \label{fig:stunnel} |
| 259 section: | 253 \end{figure} |
| 260 name: | 254 |
| 261 emailaddress: | 255 For incoming connections, \NAME{STARTTLS}---defined in \RFC2487---is what \mta{}s implement. |
| 262 \end{verbatim} | 256 |
| 263 | 257 \masqmail\ is already able to encrypt outgoing connections, but encryption of incoming connections, using \NAME{STARTTLS} should be implemented. This only affects the \SMTP\ server module. |
| 264 generate ssl key: | 258 |
| 265 \begin{verbatim} | 259 %TLS/SSL prevents attackers to listen on the cable |
| 266 CA.pl -newreq | 260 %but it does not prevent man-in-the-middle attacks |
| 267 ... the same questions | 261 %signed certificates help here |
| 268 \end{verbatim} | 262 % or PGP encryption |
| 269 | 263 |
| 270 sign request with CA: | 264 |
| 271 \begin{verbatim} | 265 %do not use stunnel wit SMTP: |
| 272 CA.pl -sign | 266 %because all incoming mail would be from 127.0.0.1 !! |
| 273 \end{verbatim} | 267 %use STARTTLS instead |
| 274 | 268 |
| 275 remove passphrase from private key: | 269 %postfix: main.cf |
| 276 \begin{verbatim} | 270 %\begin{verbatim} |
| 277 openssl rsa <newreq.pem >key.pem | 271 % smtpd_use_tls = yes |
| 278 (to be used by programs automaticly) | 272 % smtpd_tls_received_header = no (does not log in received headers) |
| 279 \end{verbatim} | 273 % |
| 280 | 274 % smtpd_tls_key_file = /etc/postfix/key.pem |
| 281 secure: | 275 % smtpd_tls_cert_file = /etc/postfix/cert.pem |
| 282 \begin{verbatim} | 276 % smtpd_tls_CA_file = /etc/postfix/CAcert.pem |
| 283 chmod 400 *.pem | 277 % |
| 284 cp newcert.pem /etc/postfix/cert.pem | 278 % smtp_use_tls = yes (use TLS for sending) |
| 285 cp key.pem /etc/postfix/key.pem | 279 % smtp_tls_key_file = /etc/postfix/key.pem |
| 286 cp demoCA/cacert.pem /etc/postfix/CAcert.pem | 280 % smtp_tls_cert_file = /etc/postfix/cert.pem |
| 287 chmode 400 /etc/postfix/*.pem | 281 % smtp_tls_CA_file = /etc/postfix/CAcert.pem |
| 288 | 282 %\end{verbatim} |
| 289 mkdir /etc/stunnel | |
| 290 cat newcert.pem key.pem >/etc/stunnel/stunnel.pem | |
| 291 chmod 400 /etc/stunnel/stunnel.pem | |
| 292 (check /etc/stunnel with `stunnel -V') | |
| 293 \end{verbatim} | |
| 294 | |
| 295 | |
| 296 set up stunnels for POP, etc: | |
| 297 \begin{verbatim} | |
| 298 nmap localhost | |
| 299 stunnel -d pop3s -r localhost:pop3 -p /etc/stunnel/stunnel.pem | |
| 300 stunnel -d imaps -r localhost:imap -p /etc/stunnel/stunnel.pem | |
| 301 nmap localhost | |
| 302 pop3s 995 | |
| 303 imaps 993 | |
| 304 \end{verbatim} | |
| 305 | |
| 306 do not use stunnel wit SMTP: | |
| 307 because all incoming mail would be from 127.0.0.1 !! | |
| 308 use STARTTLS instead | |
| 309 | |
| 310 postfix: main.cf | |
| 311 \begin{verbatim} | |
| 312 smtpd_use_tls = yes | |
| 313 smtpd_tls_received_header = no (does not log in received headers) | |
| 314 | |
| 315 smtpd_tls_key_file = /etc/postfix/key.pem | |
| 316 smtpd_tls_cert_file = /etc/postfix/cert.pem | |
| 317 smtpd_tls_CA_file = /etc/postfix/CAcert.pem | |
| 318 | |
| 319 smtp_use_tls = yes (use TLS for sending) | |
| 320 smtp_tls_key_file = /etc/postfix/key.pem | |
| 321 smtp_tls_cert_file = /etc/postfix/cert.pem | |
| 322 smtp_tls_CA_file = /etc/postfix/CAcert.pem | |
| 323 \end{verbatim} | |
| 324 | 283 |
| 325 | 284 |
| 326 | 285 |
| 327 | 286 |
| 328 \subsubsection*{Spam prevention} | 287 \subsubsection*{Spam prevention} |