HPE Community
Operating System - HP-UX
1752749 Members
5013 Online
108789 Solutions
New Discussion юеВ

Re: Enhance sendmail security for HP-UX /Linux mail servers.

 
Steven E. Protter
Exalted Contributor

тАО10-19-2006 05:15 AM

тАО10-19-2006 05:15 AM

Enhance sendmail security for HP-UX /Linux mail servers.

Shalom to all,

I manage my own domain and hand out email accounts to people who need them, whom I wish to work with.

Invariably, due to various factors these addresses end up on spam lists.

My response of late has been to use throw away email addresses and my mail form http://www.isnamerica.com/contactsep.shtml which allows me to decide whether the inquiry gets to contact me.

The bottom line is I'm tired of throwing away email addresses because inevitably someone doesn't get the message and can't reach me.

I noticed that my credit card companies with their notices remind me to include the addresses they use to send out notices in my address book so that they can continue reminding me when to make payments and such.

I know that certain mail clients use the address book or other list management to deny access to unauthorized senders.

I think that is a nifty idea and would like to implement it. Since sendmail is the mta that would be the logical place to do it globally.

Needs:
A web interface with authentication that allows users to manage their lists.

Lists stored in a format that I can access them with a shell script and build them into the access database with my already nifty scripts.

I know I can actually do this myself. I can create an https page and let people manage lists that sit in clear text on their home directories which I know are secure. I'm not thrilld about writing the code and integrating it seems a pain. Try and get two people to agree on a mail reader. You need three, one for each and one for them both to boycott. Perhaps 4 because they won't be able to agree on which to boycott.

Other ideas:
A squirrelmail plugin. I can definitely read anything squirrelmail saves on disk with my sendmail scripts.

My servers are going to become a black hole that simply will not accept inbound mail from anyone not on their mailing lists.

Of course, I'm, not happy to spend money on this as funds are always limited.

Your thoughts and links will of course be rewarded.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
8 REPLIES 8
Peter Godron
Honored Contributor

тАО10-22-2006 06:55 PM

тАО10-22-2006 06:55 PM

Re: Enhance sendmail security for HP-UX /Linux mail servers.

SEP,
would your setup be 'clever' enough to reject emails with faked 'from' addresses ?
Most access list systems seem to work on the idea that anything is ok to be let through, as long as the receiver address is correct and the sender is on the list.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-22-2006 07:05 PM

тАО10-22-2006 07:05 PM

Re: Enhance sendmail security for HP-UX /Linux mail servers.

Shalom Peter,

Initially no, however it could be made clever enough to do this. There are some sendmail rules to match domain name back to source. They are problematic but workable.

Seems the users that are effected want the system. They are tired of changing email addresses as am I. I'll end up providing them all with a secure form (see my profile) and they're going to put something like that on their business card instead of email.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО10-23-2006 02:35 AM

тАО10-23-2006 02:35 AM

Re: Enhance sendmail security for HP-UX /Linux mail servers.

I think this is a good idea but also think allowing anyone to access the form to "request" that they be allowed to send you email.

I think the Sendmail "REJECT" message should include the URL of the form.

Something like:

reject:"554 - you are not on my accepted mail list, please see http://myform.somewhere.com"

Then a "real" person could just fill in that form and the client would get an email stating soandso@letmesendemailtoyou.com wants to send them an email.

They can then go to the "manage my mailing list" and add them.

This is very similiar to a challenge/response system - and you need to be careful - as those tend to get blackholed by spamhaus (I know - I tried "ask" for a while).

IE - make sure you use REJECT and not try to send an email.

I don't think a webmail plugin is needed - better to have it self contained - that way it doesn't matter what the client uses.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-23-2006 03:21 AM

тАО10-23-2006 03:21 AM

Re: Enhance sendmail security for HP-UX /Linux mail servers.

Geoff,

I agree with you.

Right now the application that most easily generates address lists is squirrelmail. So the people using squirrelmail have been warned update your address lists.

Those that do not will get a tutorial with some pictures and have to update their address lists.

Those that choose to ignore the whole process will pay increased storage fees for their spam. I can excempt certain domains from the process by relaying their mail from temporary servers on the firewall.

Its all aboard really and there will be a general form that people will be able to fill out to let our users know that someone wants to reach out and email them.

Part of the project is taking the extensive access datase we have and modifying all of the messaging to point to the page which has as yet not been developed.

This pretty much solves my problem. I don't have any complaints about not getting enough mail. The complaint I get is spam volume is increasing because most people are too ignorant and hand out their email address to easily.

My next batch of cards in the US if they print them will simply include a web page for initial contact. I'll save a lot of money printing cards that way.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Volker Borowski
Honored Contributor

тАО10-23-2006 07:56 AM

тАО10-23-2006 07:56 AM

Re: Enhance sendmail security for HP-UX /Linux mail servers.

Hi Steven,

the overall idea makes sense, although I think such a web-form should be https encrypted, because any intelligent router would be able to parse http traffic for E-Mail adresses or even worse the phone numbers.

Funny for me is, that you use an english "Send Request" Button but a "Reset" Standard button which get translated to German "Zuruecksetzen" (Even with a correct Umlaut, which is not displayed correctly in this forums preview) in my case :-)

In addition I know of some forums I used to register in, that there are robots that are able to fill out these forms to get accounts. Forums usually include a garbled 6 letter graphic that needs to be translated to text by the person registering. -> Might sort out some robots.

Volker
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-23-2006 08:41 AM

тАО10-23-2006 08:41 AM

Re: Enhance sendmail security for HP-UX /Linux mail servers.

Volker,

the test form is https encrypted.

Good that you mentioned it in case someone else comes across this thread.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Volker Borowski
Honored Contributor

тАО10-24-2006 07:20 AM

тАО10-24-2006 07:20 AM

Re: Enhance sendmail security for HP-UX /Linux mail servers.

Hi Steven,

the http link in you intro-posting is not transformed or redirected to a https link/site in my browser and I get no lock displayed in the browser footer line.
Does not look encrypted to mee.

Did I get something wrong ?

Or do you use a diffent page for your "real" contacts and this is just a sample for discussion (that would explain it :-)

Volker
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-24-2006 09:33 AM

тАО10-24-2006 09:33 AM

Re: Enhance sendmail security for HP-UX /Linux mail servers.

Oh no volker that is a template.

I'm going to use httpd redirect in httpd.conf to make the actual page go encrypted.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.