From owner-freebsd-security Tue Apr 25 16:26:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from katroo.Sendmail.COM (katroo.Sendmail.COM [209.246.26.35])
	by hub.freebsd.org (Postfix) with ESMTP id D5D2837B5A2
	for ; Tue, 25 Apr 2000 16:26:31 -0700 (PDT)
	(envelope-from chrisd@sendmail.com)
Received: from sendmail.com (gabriel.Sendmail.COM [10.210.100.74])
	by katroo.Sendmail.COM (8.9.3/8.9.3) with ESMTP id QAA29535;
	Tue, 25 Apr 2000 16:26:15 -0700 (PDT)
Message-ID: <39062997.B18132A0@sendmail.com>
Date: Tue, 25 Apr 2000 16:26:15 -0700
From: Christian DeKonink
Organization: Sendmail, Inc - Services Department
X-Mailer: Mozilla 4.61 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Darren Henderson
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SPAM Problem!!
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Darren Henderson wrote:
>
>
> Probably it's being done somewhere already, if so I would like to see
> pointers to it... perhaps it's time to start looking at a replacement for
> smtp. SMTP-NG or some snazzier acronym for secure messaging.

While there isn't a pointer just yet, there will be soon I hope.

>
> Something that is designed for the environment that now exists.

How about Sendmail? It runs IPv4 and also on IPv6.

>
> What features would we want to see, what features would be reasonable?
> Let's hear some suggestions.

Maybe they are already implemented. The sendmail code is open source and
the sendmail consortium is open to suggestions.

> - secure transmission

The next version of OpenSource sendmail, 8.11, will have the ability to
encrypt messages while in transit as long as both source and destination
MTAs are using TLS. The current _commercial_ version of Sendmail supports
server to server encryption of email messages using TLS.
It would be necessary that all hops that an email touches use TLS in
order for the message to be transferred securely. If one hop doesn't
support TLS then incoming and outgoing messages to that hop won't get
encrypted.

> - verifiable transmission path, every system that touches it is
> verifiable and authenticated

This framework for this system is already in place. In order for this
suggestion to work everyone would have to participate using Digital
Certificates. Say for example you would only accept email from a machine
who can verify they are who they say they are using digitally signed
certificates. This requires you to be able to verify the signature of all
of the various Certificate Authorities people might use. Not a problem if
you trust the Certificate Authority who signed the cert.

With openssl it is possible to be your own CA, and sign your own Digital
Certificates. The question is, who is going to trust someone who says I am
so and so because I said I am? Encryption will still work, using
self-signed certs, but will others verify you?

Authentication methods are in place (MTA-MTA Auth using DIGEST-MD5
encryption or MUA-MTA auth using TLS) to authenticate with a username and
password.

> - each system encapsulates the entire message, think nested pgp signed
> messages
> - make the forging of headers very difficult

This could be done if everyone uses digitally signed certificates.
Unfortunately you can't force people to use them. There is a mechanism
already there in Commercial Sendmail, and soon Sendmail 8.11 OpenSource,
called STARTTLS which lets you reject messages that are not verified to be
from the domain they claim to be.

STARTTLS can be used to allow relaying based on certificates, and to
restrict incoming or outgoing connections. For this purpose, several
rulesets are available which require some new macros and the access map.
Here is the URL: http://www.sendmail.org/~ca/email/starttls

> - etc etc etc
>
> What would a secure, difficult to forge, auditable messaging system look
> like?

Please, I'd like to hear.

Thanks
Christian

-- 
Christian DeKonink
Technical Support
www.sendmail.com
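
Added example (not part of the original message, and not Sendmail code): a way to audit the hop-by-hop point made above, by reading a delivered message's Received headers and reporting which hops recorded a TLS session. It assumes the "(version=... cipher=... bits=... verify=...)" annotation that a STARTTLS-enabled sendmail writes into its Received line; the message, hostnames and queue ids are constructed.

```python
import re
from email import message_from_string

# Constructed sample (hosts, ids, addresses are made up). Received headers are
# newest first; the middle hop's receiver recorded no TLS annotation.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
\tby mx.example.org (8.11.0/8.11.0) with ESMTP id AAA00003
\t(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK);
\tTue, 25 Apr 2000 16:26:31 -0700 (PDT)
Received: from out.example.com (out.example.com [192.0.2.10])
\tby relay.example.net (8.9.3/8.9.3) with ESMTP id AAA00002;
\tTue, 25 Apr 2000 16:26:20 -0700 (PDT)
Received: from client.example.com (client.example.com [192.0.2.5])
\tby out.example.com (8.11.0/8.11.0) with ESMTP id AAA00001
\t(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
\tTue, 25 Apr 2000 16:26:15 -0700 (PDT)
From: sender@example.com
To: rcpt@example.org
Subject: constructed test message

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
# Assumed annotation format, as written by a STARTTLS-enabled sendmail.
TLS = re.compile(r"\(version=(\S+)\s+cipher=(\S+)\s+bits=(\d+)\s+verify=(\S+?)\)")

def hops(raw):
    """Return hops oldest-first as dicts: from, by, tls version, verify result."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        h, t = HOP.search(value), TLS.search(value)
        if not h:
            continue  # unparseable header: skip rather than guess
        out.append({"from": h.group(1), "by": h.group(2),
                    "tls": t.group(1) if t else None,
                    "verify": t.group(4) if t else None})
    return out

def path_fully_encrypted(raw):
    """True only if at least one hop exists and every hop recorded TLS."""
    found = hops(raw)
    return bool(found) and all(h["tls"] for h in found)

if __name__ == "__main__":
    for h in hops(SAMPLE):
        state = f"TLS {h['tls']} verify={h['verify']}" if h["tls"] else "CLEARTEXT"
        print(f"{h['from']} -> {h['by']}: {state}")
    print("every hop encrypted:", path_fully_encrypted(SAMPLE))
```

Each Received line is written by the receiving host, so only the headers added by hosts you control are trustworthy; anything below them could have been supplied by the sender.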