LinuxQuestions.org
Old 04-17-2002, 03:31 PM   #1
mikeyt_333
Stunnel and Sendmail


I am looking at securing my sendmail using stunnel. From what I have read it seems to be fairly straightforward, but I don't understand some things.

The way I understand mail transport, it will go from my home system to my mail server (which I am configuring to use stunnel), then my mail server will locate the destination server, negotiate and send the mail. Once the mail is sitting on the destination server, the recipient will then, either through web-based mail or POP3, pick up the email. My question is, doesn't the secure transmission thus end the moment my mail server begins negotiation with the destination server (assuming the destination isn't using secure SMTP)? If this is the case, how can I get around this? Is the only way through Public/Private Key? Thanks in advance!

Mike.
 
Old 04-17-2002, 05:33 PM   #2
mikeyt_333
Mail security

K, in your opinion do you think this scenario is secure:

I have a webstore program that sends orders via SMTP to users on the server it is running on. Doesn't that mean that it never actually leaves the server, and is secure as a result, as far as people not having access to it, as long as there isn't a hack or other form of intrusion?

TIA
Mike.
 
Old 04-17-2002, 05:33 PM   #3
unSpawn
Re: Stunnel and Sendmail

(..)My question is, doesn't the secure transmission thus end the moment my mail server begins negotiation with the destination server (assuming the destination isn't using secure SMTP.) If this is the case, how can I get around this, is the only way through Public/Private Key?(..)
If the remote side doesn't want SSLified traffic you're right, it ends at your SMTP server. Message encryption IMO is the only way because SSLifying shields only traffic, not storage, and can't do sender/msg verification on retrieval.
*Btw, I've seen a pkg doing GPG automatic signing through sendmail (not through a MUA), but I haven't been able to tinker with it, and I don't know if this could be used on multi-user hosts.

Last edited by unSpawn; 04-17-2002 at 05:38 PM.
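
The hop-by-hop limit described in the reply above can be seen in a delivered message's `Received` headers. This is an added example, not part of the original posts: it reads the RFC 3848 `with` keyword of each hop and reports the first one that did not use TLS. The host names and the sample message are constructed.

```python
import email
import re
from email import policy

# Constructed sample (not from the thread); Received lines are newest first.
SAMPLE = """\
Received: from mx.shop.example (mx.shop.example [192.0.2.10])
\tby mx.dest.example with ESMTP id C3; Wed, 17 Apr 2002 15:31:09 -0500
Received: from home.example (home.example [198.51.100.7])
\tby mx.shop.example with ESMTPS id A1; Wed, 17 Apr 2002 15:31:02 -0500
From: mike@shop.example
To: friend@dest.example
Subject: order

body
"""

# RFC 3848 "with" keywords that mean the hop itself negotiated TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)


def hops(raw_message):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    result = []
    # Each relay prepends its header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP.search(str(value))
        if match:
            sender, receiver, proto = match.groups()
            proto = proto.rstrip(";").upper()
            result.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return result


def first_cleartext_hop(raw_message):
    """Return the first hop that did not report TLS, or None."""
    for hop in hops(raw_message):
        if not hop[3]:
            return hop
    return None


if __name__ == "__main__":
    for sender, receiver, proto, tls in hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'cleartext'})")
```

A hop wrapped by stunnel shows up here as plain ESMTP from localhost, because the MTA behind stunnel never sees the TLS layer. Only headers added by servers you control can be trusted, and none of this says anything about how the message is stored.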
 
Old 04-17-2002, 06:39 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742
Re: Mail security

Quote:
Originally posted by mikeyt_333
K, in your opinion do you think this scenario is secure:

I have a webstore program that sends orders via SMTP to users on the server it is running on. Doesn't that mean that it never actually leaves the server, and is secure as a result, as far as people not having access to it, as long as there isn't a hack or other form of intrusion?

TIA
Mike.
/* Hmm. tried to merge these two threads as I'm sure this was your reply, but somehow the reply got stuck in the middle :-] */

Now for an answer I couldn't say it's secure without checking all the gory details, but if the webstore's scripts are checked for exploits/vulnerabilities, possibly using SMTP listening on the local interface with a restricted config, preferably w/o regular user shell accounts, and not doubling as server for the usual suspects of vulnerable services, I'd say you've taken some steps to ensure integrity, but I'm sure I'm forgetting some.
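
One way to verify the "SMTP listening on the local interface" point from the reply above, as an added example that is not part of the original posts: parse the Linux `/proc/net/tcp` table and list any port 25 listener bound to a non-loopback address. The sample table is constructed; the decoder assumes a little-endian host, and IPv6 listeners (`/proc/net/tcp6`) are not covered.

```python
import ipaddress
import socket
import struct

# Constructed /proc/net/tcp excerpt (not from the thread). Columns used:
# local_address (hex IPv4:port) and st (0A = LISTEN, 01 = ESTABLISHED).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A0200C0:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0100007F:0019 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

LISTEN = "0A"


def decode_ipv4(hex_addr):
    """Decode the kernel's hex IPv4 field (little-endian host assumed)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def listeners(proc_net_tcp, port=25):
    """Return the addresses that have a LISTEN socket on `port`."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # not a listening socket
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) == port:
            found.append(decode_ipv4(hex_addr))
    return found


def exposed(proc_net_tcp, port=25):
    """Return listening addresses on `port` that are not loopback."""
    return [addr for addr in listeners(proc_net_tcp, port)
            if not ipaddress.ip_address(addr).is_loopback]


if __name__ == "__main__":
    # On a real host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print("SMTP reachable beyond loopback on:", exposed(SAMPLE) or "nothing")
```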
 
  


All times are GMT -5.
