Re: pre-connect and smtp ?



On 2001.08.19 14:09:52 +0100 christophe barbe wrote:
> I would like to use a remote smtp server using SSH port forwarding
> capability.
> This is generally done by a pre-connect script that initiates an ssh
> connection with smtp port forwarding.
> Some MUA and mail-checking applets allow to specify a preconnect command.
> 
> Is there already a way to do that with balsa (I believe not) ?

Firstly, functionality such as this belongs in libESMTP, not Balsa.  Considering
that libESMTP has support for the STARTTLS extension why would you want SSH
tunnelling in any case?   After all, STARTTLS is standards compliant and the
mechanism has been subject to peer review through the IETF.  Using an SSH tunnel
is an ad-hoc solution to a problem that has already been solved (twice over in
fact, there is ssmtp on port 465 which, similarly to https, provides the SMTP
protocol over SSL/TLS).  In any case, there are alternative tunnelling programs
that add STARTTLS capability to any MTA, see the links from the OpenSSL web site.
The use of one of these is preferable to tunnelling using SSH.  The current version
of sendmail supports STARTTLS.

Bear in mind the following - encrypting an SMTP session does not achieve security
or confidentiality of the message.  SMTP is a store and forward protocol.  To secure
the entire sender to recipient path, *every* hop must be transported over a
secure connection and the message must be encrypted when stored on MTAs along
the delivery path.  The former requirement cannot be enforced, there is no
way to force every hop in the delivery path to be encrypted.  To my knowledge,
the latter requirement does not happen in practice.  Besides it cannot be
enforced either.

Finally, my bottom line for libESMTP is that if it is described normatively
in a standard I will implement it sooner or later providing it is relevant to
mail submission.

Since SMTP over a SSH tunnel is an ad-hoc solution, I will not write any code
supporting it.  Since ssmtp is hardly deployed and I can't find a RFC describing
it, I am unlikely to write code to support that either.

The STARTTLS extension (RFC 2487) is usable in the current libESMTP.  A small amount
of code is needed in balsa to call the libESMTP APIs to enable it.  If certificate
handling is important I will put the effort into making it work.  But bear in
mind that SSL/TLS is a very poor match for SMTP.  If you want real message security,
use S/MIME or PGP/MIME.  Balsa would benefit more from real encryption and digital
signing than from ad-hoc tunnelling that in reality achieves nothing and worse,
gives users the false impression of confidentiality.

I have no objection to the concept of SSH tunnelling, I just think it is not
a good idea in conjunction with SMTP.  If you *really* want SSH tunnelling, why
not set up the tunnel using inetd?   Set up the inetd to respond to connections on
port 587 by executing a shell script which in turn connects the tunnel to the remote
server.  The script presents the SMTP session on its standard input and output.
Surely this is the Un*x way?  Programs which interoperate with each other in
useful ways, not monolithic applications.

Regards,
Brian Stafford
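Added example, not part of the original thread and not code from libESMTP or Balsa: a small Python submission client that does what the reply above recommends, i.e. uses the STARTTLS extension (RFC 2487) on port 587 rather than an SSH tunnel. It refuses to continue if the server's EHLO reply does not advertise STARTTLS (so a stripped EHLO cannot quietly downgrade the session to cleartext), re-issues EHLO after the TLS handshake as RFC 2487 section 5.2 requires, and verifies the server certificate against the system trust store. The host names and the server transcripts in the `demo_*` functions are constructed for this example so the negotiation can be exercised offline.

```python
import io
import socket
import ssl


class SMTPError(Exception):
    """Raised when a reply does not allow the session to continue securely."""


def read_reply(rfile):
    """Read one SMTP reply, joining a multi-line reply ('250-' continuation lines).
    Returns (code, [text of each line])."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise SMTPError("connection closed by server")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise SMTPError("malformed reply: %r" % line)
        lines.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return int(line[:3]), lines


def ehlo_extensions(lines):
    """Map EHLO keywords to their parameters; line 0 is the greeting text, not an extension."""
    ext = {}
    for text in lines[1:]:
        words = text.split()
        if words:
            ext[words[0].upper()] = words[1:]
    return ext


def send_cmd(wfile, cmd):
    wfile.write((cmd + "\r\n").encode("ascii"))
    wfile.flush()


def expect(rfile, code):
    got, lines = read_reply(rfile)
    if got != code:
        raise SMTPError("expected %d, got %d %s" % (code, got, " / ".join(lines)))
    return lines


def negotiate_starttls(rfile, wfile, helo_name, wrap):
    """Greeting -> EHLO -> STARTTLS -> EHLO again over TLS.
    `wrap()` upgrades the transport and returns the (rfile, wfile) pair of the TLS
    channel.  Everything learned from the pre-TLS EHLO is discarded."""
    expect(rfile, 220)
    send_cmd(wfile, "EHLO " + helo_name)
    if "STARTTLS" not in ehlo_extensions(expect(rfile, 250)):
        raise SMTPError("server did not advertise STARTTLS; refusing cleartext submission")
    send_cmd(wfile, "STARTTLS")
    expect(rfile, 220)
    rfile, wfile = wrap()
    send_cmd(wfile, "EHLO " + helo_name)
    return rfile, wfile, ehlo_extensions(expect(rfile, 250))


def submit(host, sender, recipients, message, port=587, helo_name="localhost"):
    """Submit `message` (bytes, CRLF line endings) with STARTTLS required and the
    server certificate verified (hostname check + CA validation)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    conn = {"sock": socket.create_connection((host, port), timeout=30)}
    rfile, wfile = conn["sock"].makefile("rb"), conn["sock"].makefile("wb")

    def wrap():
        conn["sock"] = ctx.wrap_socket(conn["sock"], server_hostname=host)
        return conn["sock"].makefile("rb"), conn["sock"].makefile("wb")

    rfile, wfile, _ = negotiate_starttls(rfile, wfile, helo_name, wrap)
    send_cmd(wfile, "MAIL FROM:<%s>" % sender)
    expect(rfile, 250)
    for rcpt in recipients:
        send_cmd(wfile, "RCPT TO:<%s>" % rcpt)
        expect(rfile, 250)
    send_cmd(wfile, "DATA")
    expect(rfile, 354)
    for line in message.rstrip(b"\r\n").split(b"\r\n"):
        if line.startswith(b"."):
            line = b"." + line  # dot-stuffing, RFC 5321 section 4.5.2
        wfile.write(line + b"\r\n")
    send_cmd(wfile, ".")
    expect(rfile, 250)
    send_cmd(wfile, "QUIT")
    conn["sock"].close()


def demo_offline():
    """Run the negotiation against a constructed server transcript (no network).
    Returns (commands the client sent, extensions seen after TLS)."""
    pre_tls = io.BytesIO(b"220 mail.example.net ESMTP\r\n"
                         b"250-mail.example.net\r\n250-SIZE 10240000\r\n250 STARTTLS\r\n"
                         b"220 Ready to start TLS\r\n")
    post_tls = io.BytesIO(b"250-mail.example.net\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")
    sent = io.BytesIO()
    _, _, ext = negotiate_starttls(pre_tls, sent, "client.example.org", lambda: (post_tls, sent))
    return sent.getvalue().decode().split("\r\n")[:-1], ext


def demo_refuses_without_starttls():
    """Constructed server that omits STARTTLS: the client must stop after EHLO."""
    replies = io.BytesIO(b"220 mail.example.net ESMTP\r\n250-mail.example.net\r\n250 SIZE 10240000\r\n")
    sent = io.BytesIO()
    try:
        negotiate_starttls(replies, sent, "client.example.org", lambda: (replies, sent))
    except SMTPError:
        return sent.getvalue() == b"EHLO client.example.org\r\n"
    return False


if __name__ == "__main__":
    print(demo_offline())
    print(demo_refuses_without_starttls())
```

`submit()` is what a MUA would call; the two `demo_*` functions exercise the same negotiation code against scripted replies. Note that STARTTLS on the submission hop protects only that hop; as the reply above says, it says nothing about the rest of the store-and-forward path.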
