Need email server aid

Chuck Kuecker ckuecker at ckent.org
Fri Apr 23 02:21:26 UTC 2010


Alvin Thompson wrote:
> On 04/22/2010 08:39 PM, Chuck Kuecker wrote:
>   
>> Ultimately, this will be a wireless product that will be out in the
>> wild, and will need the capability to connect anywhere, assuming the
>> user has an email account on the network, somewhere in the world. At
>> present, I'm just playing with basics using the built-in Ethernet port
>> included with the development system.
>>     
>
> In that case, you will need to configure things differently.  You have 3 
> choices, from worst to best:
>
> 1. Include one of the tiny SMTP servers out there on the device, and 
> have the device connect directly to destination SMTP server.  This is 
> the simplest solution because you will need to include an SMTP server on 
> the device no matter what (explained below), but this is also 
> problematic because there are ISPs out that will not accept mail from 
> 'untrusted' IP addresses.  If the device is mobile, you can make no 
> guarantees on what network or IP address the device will be using.
>
> 2. Use a password stored on the device to relay mail through your mail 
> server (using TLS, of course).  If the device gets hacked, the hacker 
> has your password and can relay mail through your system.
>
> 3. The best option.  On each device, include a unique public/private key 
> pair and use that to authenticate, encrypt, and relay mail though your 
> mail server.  If a device gets hacked, you just have to disable the key 
> for that specific device on your server.  Better yet, if you're also 
> charging a service fee and the client doesn't pay the bill on time, you 
> can simply disable email (and other services for the device) until they 
> bring their account current.
>
> Option #3 is even better if this is an "always on" device.  If that's 
> the case, you can provide a pass-phrase to the private key, to be 
> entered by you (or your henchmen) when the device starts up for the 
> first time.  When you do that, you can guarantee 3 things (I like 3's):
>
> 1. Messages that claim to be from the device are indeed from the device.
>
> 2. Messages cannot be read by anyone except authorized parties.
>
> 3. Messages cannot be altered in any way in transit.  What is sent is 
> what you get.
>
> The only thing you can't guarantee with this method is that sent 
> messages will actually be received.  This is how iPhones work (I think), 
> and that's why you need to connect iPhones to iTunes on order to 
> activate them (it's getting the pass-phrase for your private key-- at 
> least I think so).  It's about as secure as things get.
>
> Anyway, you will always need an SMTP server on the device to queue sent 
> messages if an internet connection or your server isn't available at the 
> moment.  Otherwise, you risk unnecessarily losing sent messages.
>
> Hope this helps,
> Alvin
>
>   
Great help. Thanks for the suggestions.

The final product will likely need encryption, anyway.

Chuck




More information about the ubuntu-users mailing list