[lug] smtp authentication with sendmail

Bear Giles bgiles at coyotesong.com
Fri Apr 12 20:07:09 MDT 2002


> I'm completely in bed with sendmail, so moving to qmail or postfix is out 
> of the question less a complete overhaul of a fairly complex environment. 
> In short, it's just not worth it as long as I watch my back and lock down 
> the hatches as best I can.

You can stay with sendmail without leaving yourself wide open to anyone
with a packet sniffer.

Make no mistake: IF YOUR ROAMING USERS AUTHENTICATE AGAINST /etc/shadow
VIA AN UNENCRYPTED CHANNEL YOU WILL BE (CR|H)ACKED.  You may not care
because you don't think there's any sensitive information on that site,
but the crackers can use your system as a base of operations to attack
other sites.

Those other sites may have pissed off lawyers and a strong argument that
anyone using system passwords in plaintext today (Windows users or not)
unless absolutely necessary is acting in a negligent manner.  That's why
many servers, PAM and SASL? allow authentication against an arbitrary
file, not /etc/(shadow|passwd).

> Asking for users to use certificates for authentication or port 
> forwarding, it's also pretty out of the question. My user base is 100% 
> Windows based, non-technical folk who just want to send and receive their 
> mail.

What do you think will happen if/when your mail server is cracked?
Security is not intended to annoy people, it's intended to ensure that
a resource is always available to the people authorized to use it.
We have locks on our homes so that our TVs are there for us to watch
when we get home, and locks on our cars so that they are there to take
us home to watch those TVs.

If you cut corners on the security of your mail server, it won't be
there for your users and they'll be *far* more pissed at learning that
it will take a day or two to rebuild the mail server - and weeks to
get off the RBLs - than they'll be at modest security measures.  Explain
this to them - and that this concern is why many companies do not let
roaming users send mail through their home system, and you'll find a
lot of understanding users.

As for the "Windows based, non-technical folk" I think you would be
surprised by how easy it is to install and use certs in the latest
generation of MS products.  I'm 99% sure that you can use them when
downloading mail via IMAPS, and 90+% sure that you can use them when
sending mail.  But I'm not absolutely sure on the latter - there's
the issue of how you authenticate to the server vs. how you tell O/OE
to sign or encrypt a message.

> Unfortunately, they're roaming and have no desire to change their 
> smtp server based upon the LAN/DUN they attach to for the week.

Who has suggested changing the SMTP server based on location?  My
comments earlier were related to some specific problems with qmail's
implementation, but if you're staying with sendmail(+tls) then it's
a moot point.

> I need a way to allow for users to pop/send from my servers no matter where 
> they are on the internet, and try my best to prevent the servers I'm using 
> from becoming the hideout of scum and villainy known as spammers.

As I mentioned above, pass system passwords in plaintext and spammers
will be the least of your worries. 

Bear
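
An added example, not part of the original post: a small Python check for the exposure described above, reading a mail server's EHLO replies and flagging password mechanisms (PLAIN, LOGIN) that are advertised before STARTTLS. The sample replies, host names and function names are constructed for illustration.

```python
import re

# Mechanisms that send a reusable password with no protection of their own.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(response):
    """Parse a multi-line EHLO reply (RFC 5321) into {KEYWORD: [params]}."""
    caps = {}
    for line in response.strip().splitlines()[1:]:  # first line is the greeting
        m = re.match(r"250[- ](\S+)(.*)", line.strip())
        if not m:
            continue
        keyword, params = m.group(1).upper(), m.group(2).upper().split()
        if keyword.startswith("AUTH="):  # legacy "AUTH=LOGIN PLAIN" form
            keyword, params = "AUTH", [keyword[5:]] + params
        caps.setdefault(keyword, []).extend(params)
    return caps

def audit(cleartext_ehlo, tls_ehlo=None):
    """Return a list of findings about password exposure on the wire."""
    findings = []
    clear = parse_ehlo(cleartext_ehlo)
    exposed = sorted(PLAINTEXT_MECHS & set(clear.get("AUTH", [])))
    if exposed:
        findings.append("plaintext AUTH offered before TLS: " + ",".join(exposed))
    if "STARTTLS" not in clear:
        findings.append("STARTTLS not offered")
    if tls_ehlo is not None and "AUTH" not in parse_ehlo(tls_ehlo):
        findings.append("no AUTH offered inside TLS")
    return findings

# Constructed sample replies (not captured from a real server).
WEAK = """250-mail.example.org Hello client.example.net
250-8BITMIME
250-AUTH LOGIN PLAIN
250 HELP"""

HARDENED_CLEAR = """250-mail.example.org Hello client.example.net
250-STARTTLS
250 HELP"""

HARDENED_TLS = """250-mail.example.org Hello client.example.net
250-AUTH PLAIN LOGIN
250 HELP"""

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(HARDENED_CLEAR, HARDENED_TLS))
```

PLAIN and LOGIN appearing only in the reply received after STARTTLS is the acceptable case: the password still crosses the wire, but inside the encrypted channel.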


