
CVS users: any comments on the TLS code so far ?



Hi,

I have tried to solve a problem of authenticated relay control
with various email clients that people have, and now I have
learned that while Netscape Communicator does simple plain-text
passwords over a non-secure channel, the Microsoft approach
always requires TLS ( "=" OpenSSL ) stream encryption, and it won't
do plaintext login over a non-secured channel.

At my work I have a couple of system instances where we need this
type of "login first for open relaying" service.

Last night I did some looking around, and found these:

  http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/
  http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch

Both systems seem to implement both sides of the TLS transport,
that is, both the reception at the smtpserver, and sending by
the smtp client.

Now because I am a complete novice at SSL use, I would like to have
some people commenting on the thing.  What I have done so far seems
to match how those two example systems do the server
protocol processing, but the SSL certificate handling is not there
yet ...  Perhaps I have to rip off code from the Postfix patch, which
has it ripped off from the OpenSSL utilities/tools.
(Also that set is quite complete..)

For the client side the thing will need more complex code rework,
because the smtp client essentially uses stdio buffering on the
outbound socket, and plugging a new encryption layer in there between
it and write(2) isn't quite so simple...  (sigh)

On the other hand, my problem scope doesn't contain smtp client
stream encryption.

   /Matti Aarnio <mea@nic.funet.fi>


1999-05-09  Matti Aarnio  <mea@mea.tmt.tele.fi>

	* configure.in, acconfig.h, smtpserver/Makefile.in,
	  smtpserver/smtpserver.h, smtpserver/smtpcmds.c,
	  smtpserver/smtpserver.c, smtpserver/smtptls.c:
	    Configuration options to take into use the OpenSSL
	    TLS code -- although this is not yet a complete thing..

1999-05-08  Matti Aarnio  <mea@mea.tmt.tele.fi>

	* smtpserver/smtpserver.h, smtpserver/smtpserver.c,
	  smtpserver/smtpcmds.c:
	    Place-holder hooks for 'STARTTLS' related stuff...
	    (once I get the OpenSSL to work at my Alpha ..)

1999-05-05  Matti Aarnio  <mea@mea.tmt.tele.fi>

	* smtpserver/fdstatfs.c:
	    A sidestep to a problem with  fstatvfs()  at glibc 2.1.1
	    at Linux/i386/2.1.122 kernel (any 2.2.* kernel, I guess.)

	* configure.in, smtpserver/Makefile.in:
	    Autoconfigure "-lcrypt" library for the use at  @GETPWLIB@
	    cases.  Also have '--with-privateauth' option for the smtpserver
	    in case some magic private things are desired (it is possible..)

	* smtpserver/smtpauth.c, smtpserver/zpwmatch.c, smtpserver/cfgread.c,
	  smtpserver/Makefile.in, man/smtpserver.8:
	    Separate  zpwmatch()  function into its own file.
	    Have 'PARAM smtp-auth' configuration parameter (and document it
	    at the smtpserver man-page) which enables use of SMTP AUTH.
	    The default system uses classical UNIX password analysis.
	    (but see the comments at   zpwmatch.c!)
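
The "login first for open relaying" policy the message describes (STARTTLS
offered on the plaintext session, AUTH only advertised and accepted once the
channel is encrypted, relaying to foreign domains refused until AUTH has
succeeded) spelled out as a small server-side state machine.  This is an added
example and not code from ZMailer or from either of the patches named above.
The TLS handshake is simulated by a flag (a real smtpserver would hand the
socket to SSL_accept() at the 220 reply), the hostname, domain list and the
alice/s3cret credential are constructed for the example, and the password
check is a cleartext dictionary lookup rather than the crypt(3)-based
zpwmatch() the ChangeLog refers to.  The require_tls_for_auth switch models
the two client behaviours the post contrasts: True is the Microsoft-style
"no plaintext login", False is the Netscape-style plain password.

```python
"""Toy SMTP server policy: STARTTLS before AUTH, AUTH before relaying.

Added example, not ZMailer code.  TLS itself is simulated by a flag; a real
server would call SSL_accept() on the connection right after the 220 reply.
"""
import base64

# Constructed data for the example (not from the original post).
LOCAL_DOMAINS = {"example.org"}      # mail for these domains needs no AUTH
USERS = {"alice": "s3cret"}          # toy cleartext table; zpwmatch() would use crypt(3)


def plain_response(user, password, authzid=""):
    """Build the base64 AUTH PLAIN initial response: authzid NUL authcid NUL passwd."""
    return base64.b64encode(f"{authzid}\0{user}\0{password}".encode()).decode()


def parse_plain(b64):
    """Decode an AUTH PLAIN response; return (authcid, password) or None if malformed."""
    try:
        parts = base64.b64decode(b64, validate=True).split(b"\0")
    except ValueError:               # binascii.Error is a ValueError subclass
        return None
    if len(parts) != 3:
        return None
    return parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace")


class Session:
    def __init__(self, hostname="mx.example.org", require_tls_for_auth=True):
        self.hostname = hostname
        self.require_tls_for_auth = require_tls_for_auth  # True: refuse plaintext login
        self.tls = False      # flipped by STARTTLS; stands in for the real handshake
        self.user = None      # set once AUTH succeeds
        self.ehlo = None      # client name from EHLO; None until EHLO (re)sent

    def _ehlo(self, arg):
        self.ehlo = arg
        lines = [f"{self.hostname} Hello {arg}", "8BITMIME"]
        if not self.tls:
            lines.append("STARTTLS")       # only offered while still in plaintext
        if self.tls or not self.require_tls_for_auth:
            lines.append("AUTH PLAIN")     # hidden until the channel is encrypted
        return "\r\n".join(f"250-{l}" for l in lines[:-1]) + f"\r\n250 {lines[-1]}\r\n"

    def _starttls(self):
        if self.tls:
            return "503 5.5.1 TLS already active\r\n"
        self.tls = True
        # RFC 3207: discard everything learned before the handshake; the client
        # must send EHLO again, and any earlier AUTH state is thrown away.
        self.ehlo = None
        self.user = None
        return "220 2.0.0 Ready to start TLS\r\n"

    def _auth(self, arg):
        if self.user:
            return "503 5.5.1 Already authenticated\r\n"
        if self.require_tls_for_auth and not self.tls:
            return "530 5.7.0 Must issue a STARTTLS command first\r\n"
        mech, _, resp = arg.partition(" ")
        if mech.upper() != "PLAIN" or not resp:
            return "504 5.5.4 Unrecognized authentication type\r\n"
        creds = parse_plain(resp)
        if creds and USERS.get(creds[0]) == creds[1]:
            self.user = creds[0]
            return "235 2.7.0 Authentication successful\r\n"
        return "535 5.7.8 Authentication credentials invalid\r\n"

    def _rcpt(self, arg):
        addr = arg.partition(":")[2].strip().strip("<>")
        domain = addr.rpartition("@")[2].lower()
        if domain in LOCAL_DOMAINS or self.user:
            return f"250 2.1.5 <{addr}> OK\r\n"
        return "550 5.7.1 Relaying denied; authenticate first\r\n"

    def handle(self, line):
        """Process one client command line and return the server reply."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return self._ehlo(arg)
        if self.ehlo is None:
            return "503 5.5.1 Send EHLO first\r\n"
        if verb == "STARTTLS":
            return self._starttls()
        if verb == "AUTH":
            return self._auth(arg)
        if verb == "MAIL":
            return "250 2.1.0 OK\r\n"
        if verb == "RCPT":
            return self._rcpt(arg)
        if verb == "QUIT":
            return "221 2.0.0 Bye\r\n"
        return "500 5.5.1 Command not recognized\r\n"


def run(script, **kw):
    """Feed a list of client lines through one session; return the reply codes."""
    s = Session(**kw)
    return [s.handle(line)[:3] for line in script]
```

The interesting lines are the two refusals: a client that sends AUTH on the
plaintext session gets 530 rather than a chance to leak its password, and a
client that skips AUTH gets 550 on any RCPT TO outside LOCAL_DOMAINS.  Note
also that the second EHLO after STARTTLS is mandatory here because STARTTLS
resets the session, which is what stops a pre-TLS AUTH from carrying over.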