[SOLVED] Secured remote control of the Server using email

sundialsvcs · 09-12-2012, 09:28 AM

Your smart-phone is perfectly capable of running other programs ... a custom application, perhaps. It is capable of making secure internet connections securely.

Most likely, an application like the one you propose to construct already exists.

evgenyz · 09-12-2012, 09:31 AM

If I have good email headers parser then the spoofing can't be an issue, since I can always compare the original email headers sent with the request to subsequent emails after I verify the authenticity of the first email...

YankeePride13 · 09-12-2012, 09:38 AM

Mail headers can be spoofed too...But do what you wish, I'm clearly not going to be able to change your mind.

Noway2 · 09-12-2012, 09:44 AM

Quote:

Originally Posted by evgenyz

If I have good email headers parser then the spoofing can't be an issue, since I can always compare the original email headers sent with the request to subsequent emails after I verify the authenticity of the first email...

If email headers could be reliably authenticated, everyone would be using domain keys and spam would not be a problem.

evgenyz · 09-12-2012, 09:45 AM

Thank you for your opinions, They were very helpful!
Have a great day!

273 · 09-12-2012, 09:51 AM

If you must do this might I suggest you see whether you could have the application decrypt GPG messages signed with the correct key then act upon them, rather than trusting any old spoofed email?
That does, of course, rely upon you being able to encrypt and sign messages from your phone but if worst came to the worst you could use a commercial webmail like Hushmail that does it for you.

evgenyz · 09-12-2012, 11:34 AM

Quote:

Originally Posted by Noway2

If email headers could be reliably authenticated, everyone would be using domain keys and spam would not be a problem.

Can you explain what do you mean?

Thanks

Noway2 · 09-12-2012, 12:27 PM

Domain keys, or Domain Key Authenticated Mail is a technique whereby the originating server cryptographically signs the message headers. The recipient can then verify these headers and make a determination as to whether or not they have been modified and / or if the apparent originating server indeed was. In theory it would reliably protect against spoofed email headers. Here is an example (the header is partial):

Code:

Received: from localhost (localhost [127.0.0.1])
     by myserver.net (Postfix) with ESMTP id 13F50173
     for <me@mydomain.net>; Sat, 25 Aug 2012 12:58:43 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at mydomain.net
Authentication-Results: mydomain.net (amavisd-new); dkim=softfail
     (fail, message has been altered) header.i=@gmail.com
(snip)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
     h=date:from:to:message-id:in-reply-to:references:subject:x-mailer
     :mime-version:content-type:content-transfer-encoding
     :content-disposition;
     bh=gyOZ1OBwrxT48Uhor/9Lxj3dk9L+1TCKoRhIeSqk4cc=;
     b=OTVtXDqh4CCH3bFfriD1GVA6LRNPSCK3SfhMTL0pO/Z+0Wa3Dduz+tUIi+7w+dCHWA
     O0aVj7Q7okXLIm1ihd9y0ytG4IU877ku31rfIfgMHY5pJ8okF0ehfhmFubO1KDftQZ7R
     xDfH+tHvMhYxA79KCqqnF93ostNV14JaJo5u2kRfuA6j3EiUgN0TfSIY9yRv24t5dr7a
     wDp3i0m3hIQF+V9V6bQnyGS+Qo2Ie2+7XbHWDzajyRmLWKwZLaKhNLfbOl/Nj73w0Ngj
     kbMDphccXFV5Rm2lOt4JFN9TpjrVTN45dxe8kHguihlxk7VH/TzMHAIlzJQ8kbXqewc7
     NhMg==
Received: by 10.236.76.132 with SMTP id b4mr7256362yhe.106.1345913895968;
     Sat, 25 Aug 2012 09:58:15 -0700 (PDT)
Received: from [152.19.250.40] (esw09.its.unc.edu. [152.19.250.40])
     by mx.google.com with ESMTPS id j9sm6521525anl.4.2012.08.25.09.58.13
     (version=TLSv1/SSLv3 cipher=OTHER);
     Sat, 25 Aug 2012 09:58:14 -0700 (PDT)

This particular header failed the DKIM check because it was modified. In this particular instance, the mail was sent to a mailing list and the mailman application in turn forwarded it to me as a recipient, thereby altering the header from the original signing. This is one of the problems with domain keys, with another being low utilization.

evgenyz · 09-12-2012, 12:51 PM

Suppose I received the following headers:

Delivery-Date: Wed, 12 Sep 2012 13:27:11 -0400
received: from exprod8mx233.postini.com ([64.18.3.133] helo=psmtp.com) by mail-01.primus.ca with smtp (Exim 4.72) (envelope-from <forum@linuxquestions.org>) id 1TBqiV-000859-6E for dsl_evgeny@magma.ca; Wed, 12 Sep 2012 13:27:11 -0400
received: from imap1.magma.ca ([206.191.0.208]) by exprod8mx233.postini.com ([64.18.7.10]) with SMTP; Wed, 12 Sep 2012 12:27:10 CDT
received: from mx1-8.spamtrap.magma.ca (mx1.internal.magma.ca [10.0.10.26]) by imap1.magma.ca (8.13.1/8.13.1) with ESMTP id q8CHR9K1008398 for <dsl_evgeny@primus-forward.magma.ca>; Wed, 12 Sep 2012 13:27:09 -0400
received: from in2.magma.ca (in2.internal.magma.ca [10.0.10.122]) by mx1-8.spamtrap.magma.ca (8.13.1/8.13.1) with ESMTP id q8CHR9wV029329 for <dsl_evgeny@primus-forward.magma.ca>; Wed, 12 Sep 2012 13:27:09 -0400
received: from psmtp.com (exprod8mx290.postini.com [64.18.3.157]) by in2.magma.ca (Magma's Mail Server) with ESMTP id q8CHR75L031955 for <evgeny@dsl.ca>; Wed, 12 Sep 2012 13:27:07 -0400
received: from sql02.linuxquestions.org ([208.101.3.244]) (using TLSv1) by exprod8mx290.postini.com ([64.18.7.10]) with SMTP; Wed, 12 Sep 2012 13:27:07 EDT
received: from web02.linuxquestions.org (web02-be.linuxquestions.org [10.13.156.4]) by sql02.linuxquestions.org (8.13.8/8.13.8) with ESMTP id q8CHR51b027920 for <evgeny@dsl.ca>; Wed, 12 Sep 2012 13:27:06 -0400
received: from web02.linuxquestions.org (localhost.localdomain [127.0.0.1]) by web02.linuxquestions.org (8.13.8/8.13.8) with ESMTP id q8CHR5a0027367 for <evgeny@dsl.ca>; Wed, 12 Sep 2012 13:27:05 -0400
received: (from nobody@localhost) by web02.linuxquestions.org (8.13.8/8.13.8/Submit) id q8CHR5o1027366; Wed, 12 Sep 2012 13:27:05 -0400
Domainkey-Signature: a=rsa-sha1; s=smtp; d=linuxquestions.org; c=simple; q=dns; b=wUK+E/CUpCSDkxESKOlW8ykDEBTY+YpKA8YZhPDmeH4KtqVQ7XXBsYmzGZrV/j0lB 2XqA4YMSoG+2M9HtW2XzQ==
Date: Wed, 12 Sep 2012 13:27:05 -0400
To: evgeny@dsl.ca

And I don't have any messages like

Authentication-Results: mydomain.net (amavisd-new); dkim=softfail
(fail, message has been altered) header.i=@gmail.com
Then I can save the headers (correponding "from" and "by") as a headers sequence template.
I can also validate the dns of "from" and "by" hosts and verify that they are valid.

Then I can verify the subsequent emails from the same origin to same destination using this template. I also can take in account the time duration between the first and last "Received" header.
What's wrong with this approach (I'm not talking about identity validation of the sender in a first time)?

Noway2 · 09-12-2012, 01:13 PM

By way of comparison, from the LinuxQuestions.org thread notification emails, I get the following:

Code:

Authentication-Results: mydomain.net (amavisd-new); domainkeys=pass

In this particular case, unlike the mailman modified message, I have verification that the headers have not been altered. The mail message is simply a text file and can contain commands that could be executed by a script. The more I think about the logistics of what you are trying to do, and as I previously mentioned, the mail server should not be privileged enough to run any commands, you would need a program to decode (i.e. match) the commands and then execute the associated functions. Using a compiled, properly owned, program you could then make used of the SETUID to execute as the program user. This would also give you an additional layer in which you can verify that the commands are proper and filter any "bad" data, much in the way GET and POST data is sanitized. The program doesn't have to be anything special and can be a simple C case statement block with corresponding "exec" functions. I would certainly keep the command set confined to a "safe" set and not execute any direct data from the email (again, treat it like web data).

As far as your approach goes, really, it comes down to a matter of whether you are comfortable with this level of authentication. Do keep in mind that email is sent in plain text and is stored insecurely on endpoint and possibly intermediate hosts.

evgenyz · 09-12-2012, 02:33 PM

Thanks a lot!

subssn594 · 09-26-2012, 07:11 AM

There's software that will do what you want, and it looks like it has reasonable security: Grunt.

Here's a link to the github repo: https://github.com/jgoerzen/grunt

That's the good news. The bad news is that Ubuntu upgrades made the version I was using non-functional. I had previously made some minor mods to get it working when I first installed it from the Hardy release, but I didn't put any effort into making it work on Precise (12.04). I'm considering getting a version working from myself.

evgenyz · 09-28-2012, 12:16 PM

This tool is very old and it based on GPG-signed emails which can't be implemented on all mobile platforms. I heard about this program but for my opinion it's not secured enough.
Any way, thanks for your response!

pin · 10-25-2012, 08:33 AM

Hi evgenyz,
That's true that such SMTP communication is unsecured, but check the brand new product I saw recently: ALES-U of alessoft.com.
I think they solved the security issue (or at least they claimed they solved this)...

evgenyz · 10-25-2012, 09:50 AM

Thanks!
Seems interesting... Will check this site.