encryption?

[Julian Field]

Furnish, Trever G wrote:
> This is slightly off-topic, but is anyone already doing the following or
> do you know *how* to do the following with MailScanner and/or Sendmail?
> Basically I'd like to tie in a Voltage for encryption, and it works
> entirely based SMTP.
>
> If an email with a particular message header comes into the mailscanner
> system that handles outbound email, I'd like to route it via SMTP over
> to a Voltage server, which will accept the message, encrypt it, then
> send it back.
>
> The bit I'm not sure how to do is re-routing a message based on the
> presence of a particular header.  Imagine the head is simply
> "X-Needs-Encryption: YES".  Is there a way to have MS or Sendmail send
> that message elsewhere?  Would it have to change the SMTP recipient to
> do so, or can we just hand off to the other system without changing the
> SMTP recipient (as is done by sendmail when using the mailertable
> feature)?
>   
You would probably have to change the SMTP recipient slightly to do it, 
but you can probably do it in such a way that you could reconstruct the 
original SMTP recipient again.

What I'm thinking of is a "SpamAssassin Rule Actions" setting. If you 
added the original recipient list with "Add Envelope To Header = yes" 
these would get logged in the header of the message. If you then wrote a 
tiny SpamAssassin rule such as
header  VOLTAGE_SPOTTER X-Needs-Encryption: =~ /YES/i
describe VOLTAGE_SPOTTER Spot mail that needs encrypting
score VOLTAGE_SPOTTER -0.01
you could then use a SpamAssassin Rule Actions setting like this:
SpamAssassin Rule Actions = VOLTAGE_SPOTTER=>forward 
encryptme at voltage.mydomain.com

That would take all mail with the "X-Needs-Encryption: YES" header and 
send it to encryptme at voltage.mydomain.com.

You then route that mail to your Voltage server with a 
/etc/mail/mailertable line saying this:
voltage.mydomain.com   esmtp:[my-voltage-server.mydomain.com]

Then your Voltage server needs to encrypt the mail coming to it via SMTP 
from your MailScanner server. After it's encrypted it, it needs to 
replace the original list of recipients with the contents of the 
X-MailScanner-Envelope-To: header, and send it onwards to its final 
destination. If you removed the X-Needs-Encryption: header in the 
Voltage server as well, then you could even just pass it back to your 
MailScanner server again for delivery.

I don't know if you have the source code, as I've never heard of 
Voltage, but if you can mess with envelope recipients at all then the 
above should be quite possible.

Is my explanation clear enough? Does it help at all?
I do a similar (though simpler) trick to get all my email scanned for 
images that might contain illegal (e.g. child porn, etc) content.

If anyone else is interested in scanning their mail for illegal image 
content, please contact me off-list. I have a system running here which 
works very well, but you need to sign an NDA before I can tell you much 
about it.


Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.