[SOLVED] Secured remote control of the Server using email
Your smart-phone is perfectly capable of running other programs ... a custom application, perhaps. It is capable of making secure internet connections securely.
Most likely, an application like the one you propose to construct already exists.
If I have good email headers parser then the spoofing can't be an issue, since I can always compare the original email headers sent with the request to subsequent emails after I verify the authenticity of the first email...
If email headers could be reliably authenticated, everyone would be using domain keys and spam would not be a problem.
If you must do this might I suggest you see whether you could have the application decrypt GPG messages signed with the correct key then act upon them, rather than trusting any old spoofed email?
That does, of course, rely upon you being able to encrypt and sign messages from your phone but if worst came to the worst you could use a commercial webmail like Hushmail that does it for you.
Domain keys, or Domain Key Authenticated Mail is a technique whereby the originating server cryptographically signs the message headers. The recipient can then verify these headers and make a determination as to whether or not they have been modified and / or if the apparent originating server indeed was. In theory it would reliably protect against spoofed email headers. Here is an example (the header is partial):
Code:
Received: from localhost (localhost [127.0.0.1])
    by myserver.net (Postfix) with ESMTP id 13F50173
    for <me@mydomain.net>; Sat, 25 Aug 2012 12:58:43 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at mydomain.net
Authentication-Results: mydomain.net (amavisd-new); dkim=softfail
    (fail, message has been altered) header.i=@gmail.com
(snip)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
    h=date:from:to:message-id:in-reply-to:references:subject:x-mailer
    :mime-version:content-type:content-transfer-encoding
    :content-disposition;
    bh=gyOZ1OBwrxT48Uhor/9Lxj3dk9L+1TCKoRhIeSqk4cc=;
    b=OTVtXDqh4CCH3bFfriD1GVA6LRNPSCK3SfhMTL0pO/Z+0Wa3Dduz+tUIi+7w+dCHWA
    O0aVj7Q7okXLIm1ihd9y0ytG4IU877ku31rfIfgMHY5pJ8okF0ehfhmFubO1KDftQZ7R
    xDfH+tHvMhYxA79KCqqnF93ostNV14JaJo5u2kRfuA6j3EiUgN0TfSIY9yRv24t5dr7a
    wDp3i0m3hIQF+V9V6bQnyGS+Qo2Ie2+7XbHWDzajyRmLWKwZLaKhNLfbOl/Nj73w0Ngj
    kbMDphccXFV5Rm2lOt4JFN9TpjrVTN45dxe8kHguihlxk7VH/TzMHAIlzJQ8kbXqewc7
    NhMg==
Received: by 10.236.76.132 with SMTP id b4mr7256362yhe.106.1345913895968;
    Sat, 25 Aug 2012 09:58:15 -0700 (PDT)
Received: from [152.19.250.40] (esw09.its.unc.edu. [152.19.250.40])
    by mx.google.com with ESMTPS id j9sm6521525anl.4.2012.08.25.09.58.13
    (version=TLSv1/SSLv3 cipher=OTHER);
    Sat, 25 Aug 2012 09:58:14 -0700 (PDT)
This particular header failed the DKIM check because it was modified. In this particular instance, the mail was sent to a mailing list and the mailman application in turn forwarded it to me as a recipient, thereby altering the header from the original signing. This is one of the problems with domain keys, with another being low utilization.
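Added example, not part of the original post: a check a mail-handling script could apply to the Authentication-Results value before acting on a message, accepting only `dkim=pass` for the expected signing domain as reported by its own server. The function name `dkim_pass_for` is hypothetical, and the check assumes the receiving mail server strips any incoming Authentication-Results header that already carries its own identifier (`mydomain.net` in the post above).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Lowercase, turn folding whitespace into spaces, drop (comments). */
static void normalize(const char *in, char *out, size_t cap)
{
    size_t o = 0, depth = 0;
    for (; *in && o + 1 < cap; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '(') { depth++; continue; }
        if (c == ')') { if (depth) depth--; continue; }
        if (!depth) out[o++] = isspace(c) ? ' ' : (char)tolower(c);
    }
    out[o] = '\0';
}

/* 1 only if our server (authserv_id) reports dkim=pass for domain; args lowercase. */
int dkim_pass_for(const char *value, const char *authserv_id, const char *domain)
{
    char buf[1024];
    size_t n = strlen(authserv_id), dl = strlen(domain);
    normalize(value, buf, sizeof buf);
    char *p = buf + strspn(buf, " ");
    if (strncmp(p, authserv_id, n) != 0 || (p[n] != ' ' && p[n] != ';'))
        return 0;                       /* verdict is not from our own server */
    for (char *sec = strchr(p, ';'); sec; sec = strchr(sec, ';')) {
        sec += 1 + strspn(sec + 1, " ");
        if (strncmp(sec, "dkim=pass", 9) != 0 || !strchr(" ;", sec[9]))
            continue;                   /* softfail, fail, none, other methods */
        for (char *t = sec; *t && *t != ';'; t += strspn(t, " ")) {
            size_t tl = strcspn(t, " ;");
            const char *v = NULL;
            if (!strncmp(t, "header.d=", 9)) v = t + 9;
            else if (!strncmp(t, "header.i=", 9) && (v = memchr(t, '@', tl))) v++;
            if (v && (size_t)(t + tl - v) == dl && !strncmp(v, domain, dl)) return 1;
            t += tl;
        }
    }
    return 0;
}

int main(void)
{   /* Value of the Authentication-Results header quoted in the thread. */
    const char *seen = "mydomain.net (amavisd-new); dkim=softfail\n"
                       " (fail, message has been altered) header.i=@gmail.com";
    puts(dkim_pass_for(seen, "mydomain.net", "gmail.com") ? "yes" : "no");
    return 0;
}
```

Text inside parenthesised comments is discarded before matching, so a result word that appears only in a comment is never treated as the verdict.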
Delivery-Date: Wed, 12 Sep 2012 13:27:11 -0400
received: from exprod8mx233.postini.com ([64.18.3.133] helo=psmtp.com) by mail-01.primus.ca with smtp (Exim 4.72) (envelope-from <forum@linuxquestions.org>) id 1TBqiV-000859-6E for dsl_evgeny@magma.ca; Wed, 12 Sep 2012 13:27:11 -0400
received: from imap1.magma.ca ([206.191.0.208]) by exprod8mx233.postini.com ([64.18.7.10]) with SMTP; Wed, 12 Sep 2012 12:27:10 CDT
received: from mx1-8.spamtrap.magma.ca (mx1.internal.magma.ca [10.0.10.26]) by imap1.magma.ca (8.13.1/8.13.1) with ESMTP id q8CHR9K1008398 for <dsl_evgeny@primus-forward.magma.ca>; Wed, 12 Sep 2012 13:27:09 -0400
received: from in2.magma.ca (in2.internal.magma.ca [10.0.10.122]) by mx1-8.spamtrap.magma.ca (8.13.1/8.13.1) with ESMTP id q8CHR9wV029329 for <dsl_evgeny@primus-forward.magma.ca>; Wed, 12 Sep 2012 13:27:09 -0400
received: from psmtp.com (exprod8mx290.postini.com [64.18.3.157]) by in2.magma.ca (Magma's Mail Server) with ESMTP id q8CHR75L031955 for <evgeny@dsl.ca>; Wed, 12 Sep 2012 13:27:07 -0400
received: from sql02.linuxquestions.org ([208.101.3.244]) (using TLSv1) by exprod8mx290.postini.com ([64.18.7.10]) with SMTP; Wed, 12 Sep 2012 13:27:07 EDT
received: from web02.linuxquestions.org (web02-be.linuxquestions.org [10.13.156.4]) by sql02.linuxquestions.org (8.13.8/8.13.8) with ESMTP id q8CHR51b027920 for <evgeny@dsl.ca>; Wed, 12 Sep 2012 13:27:06 -0400
received: from web02.linuxquestions.org (localhost.localdomain [127.0.0.1]) by web02.linuxquestions.org (8.13.8/8.13.8) with ESMTP id q8CHR5a0027367 for <evgeny@dsl.ca>; Wed, 12 Sep 2012 13:27:05 -0400
received: (from nobody@localhost) by web02.linuxquestions.org (8.13.8/8.13.8/Submit) id q8CHR5o1027366; Wed, 12 Sep 2012 13:27:05 -0400
Domainkey-Signature: a=rsa-sha1; s=smtp; d=linuxquestions.org; c=simple; q=dns; b=wUK+E/CUpCSDkxESKOlW8ykDEBTY+YpKA8YZhPDmeH4KtqVQ7XXBsYmzGZrV/j0lB 2XqA4YMSoG+2M9HtW2XzQ==
Date: Wed, 12 Sep 2012 13:27:05 -0400
To: evgeny@dsl.ca
And I don't have any messages like
Authentication-Results: mydomain.net (amavisd-new); dkim=softfail
(fail, message has been altered) header.i=@gmail.com
Then I can save the headers (corresponding "from" and "by") as a headers sequence template.
I can also validate the dns of "from" and "by" hosts and verify that they are valid.
Then I can verify the subsequent emails from the same origin to same destination using this template. I also can take into account the time duration between the first and last "Received" header.
What's wrong with this approach (I'm not talking about identity validation of the sender in a first time)?
In this particular case, unlike the mailman modified message, I have verification that the headers have not been altered. The mail message is simply a text file and can contain commands that could be executed by a script. The more I think about the logistics of what you are trying to do, and as I previously mentioned, the mail server should not be privileged enough to run any commands, you would need a program to decode (i.e. match) the commands and then execute the associated functions. Using a compiled, properly owned, program you could then make use of the SETUID to execute as the program user. This would also give you an additional layer in which you can verify that the commands are proper and filter any "bad" data, much in the way GET and POST data is sanitized. The program doesn't have to be anything special and can be a simple C case statement block with corresponding "exec" functions. I would certainly keep the command set confined to a "safe" set and not execute any direct data from the email (again, treat it like web data).
As far as your approach goes, really, it comes down to a matter of whether you are comfortable with this level of authentication. Do keep in mind that email is sent in plain text and is stored insecurely on endpoint and possibly intermediate hosts.
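Added example, not code from the thread: one shape the small C dispatcher described above could take, where the mail body only selects an entry from a fixed table and nothing from the message reaches the executed command line. The keywords, program paths and function names are constructed for illustration, and the ownership and SETUID setup mentioned in the post is left out.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

struct action { const char *keyword, *path; char *const argv[4]; };

/* Constructed command set: fixed programs with fixed arguments. */
static const struct action ACTIONS[] = {
    { "status", "/usr/bin/uptime", { "uptime", NULL } },
    { "disk",   "/bin/df",         { "df", "-h", NULL } },
};

/* Match the first line of the mail body against the table, exactly. */
const struct action *lookup_action(const char *body)
{
    size_t len = strcspn(body, "\r\n");
    for (size_t i = 0; i < sizeof ACTIONS / sizeof ACTIONS[0]; i++)
        if (strlen(ACTIONS[i].keyword) == len && !memcmp(body, ACTIONS[i].keyword, len))
            return &ACTIONS[i];
    return NULL;                /* unknown or decorated input: do nothing */
}

/* Run the fixed argv with a fixed environment; no shell, no mail data. */
int run_action(const struct action *a)
{
    static char *const env[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid == 0) { execve(a->path, a->argv, env); _exit(127); }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    const struct action *a = argc > 1 ? lookup_action(argv[1]) : NULL;
    if (!a) { fputs("rejected\n", stderr); return 1; }
    return run_action(a);
}
```

Because the match is on the whole first line, a keyword followed by extra text is rejected rather than partially honoured.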
That's the good news. The bad news is that Ubuntu upgrades made the version I was using non-functional. I had previously made some minor mods to get it working when I first installed it from the Hardy release, but I didn't put any effort into making it work on Precise (12.04). I'm considering getting a version working for myself.
This tool is very old and it is based on GPG-signed emails, which can't be implemented on all mobile platforms. I heard about this program but in my opinion it's not secure enough.
Anyway, thanks for your response!
Hi evgenyz,
That's true that such SMTP communication is unsecured, but check the brand new product I saw recently: ALES-U of alessoft.com.
I think they solved the security issue (or at least they claimed they solved this)...