Secure email

Ben bikepunk at gmx.net
Fri Jun 1 15:09:39 PDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



# shameless home page plug: http://crux.ath.cx/
# --Support your government, give Echelon / Carnivore something to parse--
# classfield top-secret government restricted data information project CIA
# KGB GRU DISA DoD defense systems military systems spy steal terrorist
# Allah Natasha Gregori destroy destruct attack democracy will send Russia
# bank system compromise international own rule the world ATSC RTEM warmod
# ATMD force power enforce sensitive directorate TSP NSTD ORD DD2-N AMTAS
# STRAP warrior-T presidental elections policital foreign embassy takeover

It is rumored that somebody said the following:

> Hi all!
> 
> I'm in the process of setting up in- and outgoing email services on my LFS
> machine and I've stumbled upon a question I haven't been able to find the
> answer to yet. Are there any protocols for checking email that don't use
> plaintext passwords? I haven't even been able to figure out if pop3 uses
> plaintext passwords; I think it does but I'm not sure, or if there is any
> way to make it use some good form of encrypted passwords...
> 
> Also, are there any email programs (MDAs and MTAs mainly) that anyone
> can recommend on the basis of security? I'm setting up qmail right now,
> since sendmail seems to have too many exploits...
> 
> 	Sincerely,
> 	Kristoffer
> 

Remember the following:
The second you use a plaintext service, your system is just as vulnerable
as if it uses telnet instead of ssh!

So, if you're going to have a bunch of users, and want them to ssh in, and
just let them use regular pop3 or imap to transfer mail, it's sort of
illogical.

I'd recommend using stunnel, since it has an easy-to-use windoze client.
You can probably make some vb macro to put on their desktop to forward a
local port to your remote port, for pop3 or imap.

Also, keep in mind that, if you set up an smtp server, you have to deal
with rcpthosts and spam prevention and all sorts of other fun stuff. A
good way of authorizing IPs to be able to relay mail is with pop3 auth. I
know there's a patch for qmail that does this. I'm sure there's one for
postfix, too. Qmail and postfix are really good choices for secure
(against cracking) smtp servers. Check out qmail.org for all sorts of fun
qmail stuff, and stunnel.org for the schtick on stunnel.

Also, if you want REALLY good encryption, just have your clients use
pgp/gpg, or maybe s/mime. That's not as user-friendly, and isn't worth it
if all you're concerned with is password cloaking.

Regards,
ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7GBKqeYNtruHoHAsRAhqIAKDIAeOs0n9t8rkfqvdibLQMEpsITQCgw96Q
8VxN6bov4o8IJKm/XuKDjXU=
=QoKj
-----END PGP SIGNATURE-----
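
Added example, not part of the original post: a stunnel setup for the local-port-to-remote-port forwarding of pop3 and imap described above, written in the configuration-file syntax of current stunnel releases. The host name mail.example.org and all file paths are placeholders chosen for illustration.

```ini
; ---- Server side: stunnel.conf on the mail host ----
; Assumption: the POP3 and IMAP daemons are bound to 127.0.0.1 only,
; so stunnel is the sole listener reachable from the network and no
; password ever crosses the wire in plaintext.
; Placeholder paths for the server certificate and its private key:
cert = /etc/stunnel/mail.pem
key = /etc/stunnel/mail.key

[pop3s]
; TLS on 995, decrypted and handed to the local POP3 daemon
accept = 995
connect = 127.0.0.1:110

[imaps]
; TLS on 993, decrypted and handed to the local IMAP daemon
accept = 993
connect = 127.0.0.1:143

; ---- Client side: stunnel.conf on the user's workstation ----
; The mail program is pointed at 127.0.0.1 instead of the server;
; stunnel forwards the local port through TLS to the remote port.
client = yes

[pop3]
accept = 127.0.0.1:110
connect = mail.example.org:995
; Without verification the tunnel is encrypted but the server is not
; authenticated, so an on-path attacker could still terminate the
; session and read the password. Placeholder path for the CA file:
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = mail.example.org

[imap]
accept = 127.0.0.1:143
connect = mail.example.org:993
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = mail.example.org
```

The two halves are separate files on separate machines; they are shown in one block only for comparison.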

