Re: Re[4]: [vchkpw] SMTP Auth HOWTO?

2004-05-22 Thread Erwin Hoffmann
Hi troll,

At 21:39 21.05.04 +0200, you wrote:
>Hello Erwin,
>
>Friday, May 21, 2004, 7:37:15 PM, you wrote:


>EH> Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
>EH> Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
>
>To be rude and without respect, this was the speciality of Your
>ancestors when they pretended to be the most bright race on Earth.
>For Your records anno 1914-18, 1940-1945.  Clearly, some can't deny
>their roots.

Though I live in Germany, I'm not German.

It would be better to go back to some useful discussion.

regards.
--eh.

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24


Re[4]: [vchkpw] SMTP Auth HOWTO?

2004-05-21 Thread magazine
Hello Nick,

Friday, May 21, 2004, 10:13:29 PM, you wrote:

NH> On Fri, 2004-05-21 at 14:36, [EMAIL PROTECTED] wrote:
>> Hello Nick,
>> 
>> Friday, May 21, 2004, 8:02:19 PM, you wrote:
>> 
>> Privacy issues are a hot topic, You know.  If You know, some
>> 'sensitive' data is often maintained with a single mailbox.  I give
>> You some samples.  A domain name You own, which can be stolen by
>> impersonating You, by a hacked mailbox.  Or someone who uses Your
>> mailbox to contact Your customers (if You have a company).  Ok, with
>> all worms out, it's common mailboxes are often spoofed, but it's
>> really embarrassing if the mail comes from Your servers!  When Your
>> mailserver is several hops away from You, You consider encrypting the
>> route to it.  I wouldn't care if someone sniffs my browsing attitudes, but
>> I want to keep my mails to my customers, my mails to maintain cvs or
>> domain names protected, so it all starts with a secure mailserver.
>> 
NH> Encrypting traffic between your mail client and your mail server has
NH> very little to do with what you're talking about. Keeping email secure
NH> is completely different from encrypting the stream of conversation
NH> between you and your smtp server.

Yes, I understand what You mean.  But I am talking about the security
issue, not to neglect the security issues when You connect from 'Your home',
very often in a C-range/mask 255.255.255.0 with others, You pass
a gateway, several routers to reach Your mailserver and You log in, in
an unsecured way.  With SMTP-auth, You send in plain or cram Your
mail address and password, which is the same as Your POP(S) account.
Every hop can trace Your mail address and password.  Using smtps, You
don't have this problem.

Encrypting the stream.  If You have many customers on the same
mailserver, You prefer to encrypt it, because the mail goes encrypted
from You to them, and vice versa.  There are no other servers
involved.

I agree on the matter, when You leave Your mailserver to others. In
this case, You are correct.


NH> Even protecting privacy doesn't really
NH> enter into encrypting this stream.
NH> Real security comes from applications of cryptography to provide
NH> identity and content verification, not just content obfuscation. PGP/GPG
NH> signing each email to validate content and identity of origin is a big
NH> start. PGP encrypting the contents of sensitive messages directed to
NH> specific recipients is an even bigger next step. However the email
NH> infrastructure, and its often undirected recipients, makes this a
NH> difficult proposition.

Right now we have on the server level: virus detection and spam
detection.  Server-side signed mails shouldn't be such a problem when using
the dot qmail?

>> >>I agree on this.  But why to promote smtp-auth in plaintext, cram when You have 
>> >>smtps
>> >>to secure the stream up to Your mailserver (one step), but in this
>> >>step, You 'can' have many hops between You and Your workstation, so
>> >>this stream is the first to protect anyway.  I agree on the fact there
>> >>aren't many TLS servers, but if everyone does his own part to install
>> >>

Re[4]: [vchkpw] SMTP Auth HOWTO?

2004-05-21 Thread magazine
Hello Erwin,

Friday, May 21, 2004, 7:37:15 PM, you wrote:

EH> Hi,

EH> At 17:21 21.05.04 +0200, you wrote:
>>Hello Erwin,
>>
>>Friday, May 21, 2004, 5:14:30 PM, you wrote:
>>
>>EH> Hi,
>>
>>EH> At 11:41 21.05.04 +0200, you wrote:
Hello blist,

>>
In the OLD days, people were happy with SMTP-Auth.  I consider it LESS
secure than SMTP after POP, because with SMTP-Auth, You send Your
e-mail address and Your password of Your mailbox over the internet.
When a man-in-the-middle catches this e-mail (or worse Your PW), he can
use it for spam, or access Your mailbox.
>>
>>EH> This is only true for SMTP Authentication of type "plain" and "login".
>>
>>EH> With CRAM-MD5 it's quite safe.
>>
>>EH> Read: http://www.fehcom.de/qmail/smtpauth.html#FRAMEWORK
>>

>>Yes, it's 'quite' safe, but You still reveal Your e-mail address.
>>If there are many hops between Your workstation and the smtpserver,
>>You can get some spam in return.

>>More, Your mail is sent in plaintext.  I prefer encrypted streams,
>>so SUPP's patch which encrypts the stream with SSL, and authenticates
>>afterwards (in plaintext) is still the best way to go, it's not a big
>>effort to realize.

EH> Pls. tell us how you intend to communicate to the rest of the world by
EH> means of email with encrypted addresses.

EH> You are joking, troll.

EH> regards.
EH> --eh.



EH> Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
EH> Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24

To be rude and without respect, this was the speciality of Your
ancestors when they pretended to be the most bright race on Earth.
For Your records anno 1914-18, 1940-1945.  Clearly, some can't deny
their roots.

-- 
Best regards,
 DEBO Jurgen
 mailto:[EMAIL PROTECTED]


 www.guide.be * www.gids.be * www.guide.fr * www.shop.fr

www.teleshop.fr * www.teleshop.be * www.teleshop.biz * www.teleshop.info * 
www.teleshop.name
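
Added example, not part of any poster's message: the thread argues over what SMTP AUTH "plain"/"login" and CRAM-MD5 expose on an unencrypted connection, and this sketch decodes one client response of each kind to show which fields a hop on the path can read. Function names and the sample account are constructed for illustration; the CRAM-MD5 values are the published RFC 2195 test vector.

```python
import base64
import hashlib
import hmac

def plain_response(user: bytes, password: bytes) -> bytes:
    """AUTH PLAIN client response: base64(authzid NUL authcid NUL password)."""
    return base64.b64encode(b"\0" + user + b"\0" + password)

def cram_md5_response(user: bytes, password: bytes, challenge: bytes) -> bytes:
    """AUTH CRAM-MD5 response: base64(user SP hex(HMAC-MD5(password, challenge)))."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest().encode()
    return base64.b64encode(user + b" " + digest)

def observer_view(mechanism: str, response_b64: bytes) -> dict:
    """Fields readable by any hop that sees the unencrypted SMTP session."""
    raw = base64.b64decode(response_b64)
    if mechanism == "PLAIN":
        # AUTH LOGIN exposes the same two fields, sent as two base64 lines.
        _authzid, user, password = raw.split(b"\0", 2)
        return {"user": user, "password": password, "digest": None}
    if mechanism == "CRAM-MD5":
        user, digest = raw.rsplit(b" ", 1)
        return {"user": user, "password": None, "digest": digest}
    raise ValueError(f"unsupported mechanism: {mechanism}")

# Constructed sample account, plus the RFC 2195 test vector.
USER, SECRET = b"user@example.org", b"constructed-secret"
RFC_USER, RFC_SECRET = b"tim", b"tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"

if __name__ == "__main__":
    # PLAIN: address and password are both recoverable from the base64 text.
    print(observer_view("PLAIN", plain_response(USER, SECRET)))
    # CRAM-MD5: the address is visible, the password itself is not sent.
    print(observer_view("CRAM-MD5",
                        cram_md5_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE)))
    # The digest is bound to the server's challenge, so a new challenge
    # (constructed here) produces a different response.
    print(observer_view("CRAM-MD5",
                        cram_md5_response(RFC_USER, RFC_SECRET, b"<2.1@example.org>")))
```

In both mechanisms the message body that follows still crosses the wire in clear text unless the session itself is wrapped in SSL/TLS, which is the separate point raised about smtps.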