Need email server aid
Chuck Kuecker
ckuecker at ckent.org
Fri Apr 23 02:21:26 UTC 2010
Alvin Thompson wrote:
> On 04/22/2010 08:39 PM, Chuck Kuecker wrote:
>
>> Ultimately, this will be a wireless product that will be out in the
>> wild, and will need the capability to connect anywhere, assuming the
>> user has an email account on the network, somewhere in the world. At
>> present, I'm just playing with basics using the built-in Ethernet port
>> included with the development system.
>>
>
> In that case, you will need to configure things differently. You have 3
> choices, from worst to best:
>
> 1. Include one of the tiny SMTP servers out there on the device, and
> have the device connect directly to destination SMTP server. This is
> the simplest solution because you will need to include an SMTP server on
> the device no matter what (explained below), but this is also
> problematic because there are ISPs out there that will not accept mail from
> 'untrusted' IP addresses. If the device is mobile, you can make no
> guarantees on what network or IP address the device will be using.
>
> 2. Use a password stored on the device to relay mail through your mail
> server (using TLS, of course). If the device gets hacked, the hacker
> has your password and can relay mail through your system.
>
> 3. The best option. On each device, include a unique public/private key
> pair and use that to authenticate, encrypt, and relay mail through your
> mail server. If a device gets hacked, you just have to disable the key
> for that specific device on your server. Better yet, if you're also
> charging a service fee and the client doesn't pay the bill on time, you
> can simply disable email (and other services for the device) until they
> bring their account current.
>
> Option #3 is even better if this is an "always on" device. If that's
> the case, you can provide a pass-phrase to the private key, to be
> entered by you (or your henchmen) when the device starts up for the
> first time. When you do that, you can guarantee 3 things (I like 3's):
>
> 1. Messages that claim to be from the device are indeed from the device.
>
> 2. Messages cannot be read by anyone except authorized parties.
>
> 3. Messages cannot be altered in any way in transit. What is sent is
> what you get.
>
> The only thing you can't guarantee with this method is that sent
> messages will actually be received. This is how iPhones work (I think),
> and that's why you need to connect iPhones to iTunes in order to
> activate them (it's getting the pass-phrase for your private key-- at
> least I think so). It's about as secure as things get.
>
> Anyway, you will always need an SMTP server on the device to queue sent
> messages if an internet connection or your server isn't available at the
> moment. Otherwise, you risk unnecessarily losing sent messages.
>
> Hope this helps,
> Alvin
>
>
Great help. Thanks for the suggestions.
The final product will likely need encryption, anyway.
Chuck
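
A sketch of option 3 combined with the on-device queue discussed in the quoted reply, added here as an example and not code from either poster: messages are spooled to disk, then relayed over STARTTLS with a per-device client certificate whose private key is unlocked by a pass-phrase. The relay host name, file paths and spool layout are assumptions, as is a relay configured to authorize submission by client certificate.

```python
import email, email.policy, os, smtplib, ssl, time, uuid

# Assumptions for illustration (not from the thread): relay name and file paths.
RELAY_HOST, RELAY_PORT = "relay.example.org", 587
DEVICE_CERT = "/etc/device/client.pem"   # certificate unique to this device
DEVICE_KEY = "/etc/device/client.key"    # private key, pass-phrase protected

def enqueue(spool_dir, msg):
    """Write a message to the on-device spool atomically; return its path."""
    os.makedirs(spool_dir, exist_ok=True)
    name = f"{time.time_ns():020d}-{uuid.uuid4().hex}.eml"
    final = os.path.join(spool_dir, name)
    with open(final + ".tmp", "wb") as f:
        f.write(msg.as_bytes())
        f.flush()
        os.fsync(f.fileno())
    os.replace(final + ".tmp", final)    # never leaves a half-written .eml
    return final

def send_via_relay(raw, passphrase):
    """Relay one message, authenticating with the device's own key pair."""
    ctx = ssl.create_default_context()   # also verifies the relay's certificate
    ctx.load_cert_chain(DEVICE_CERT, DEVICE_KEY, password=passphrase)
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    with smtplib.SMTP(RELAY_HOST, RELAY_PORT, timeout=30) as smtp:
        smtp.starttls(context=ctx)       # client cert is sent if the relay asks
        smtp.send_message(msg)

def flush(spool_dir, send):
    """Send queued messages oldest first; delete each only after success."""
    sent = 0
    for name in sorted(os.listdir(spool_dir)):
        if not name.endswith(".eml"):
            continue
        path = os.path.join(spool_dir, name)
        with open(path, "rb") as f:
            raw = f.read()
        try:
            send(raw)
        except (OSError, smtplib.SMTPException):
            break                        # offline or key disabled: keep the queue
        os.remove(path)
        sent += 1
    return sent
```

On the device, `flush(spool_dir, lambda raw: send_via_relay(raw, passphrase))` would run whenever a network connection comes up; a device whose key has been disabled on the server simply keeps its queue.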