
More security #general #mail

Kévin COSTELLOE

Hello Internautes !

In an effort to make inbound email more secure, I set up a relay between
the external server (mx5 in Virginia, US) and the internal servers (the
BBS & wm based in Paris, France).

At the moment, the inbound side is not getting the desired effect (TLS
errors everywhere, thanks Postfix) but a side effect is that outbound is
much more encrypted than before.

The biggest problem to work with is that the Wildcat! server does not
handle SSL very well, so to set up outbound mail relay, I had to create
a server at DreamCompute to receive mail via a VPN and toss it off into
the wild via Mailhop.org (now DuoCircle) while also authenticating.

Until a few minutes ago, the BBS would connect to the machine in the US
unencrypted over the VPN then send it off to DuoCircle encrypted.

Obviously, no matter what, one cannot trust the Americans. Now the
setup is that the local server wm.ec.je accepts mail unencrypted
from the BBS (they're less than a metre apart), wm then relays off to
the front-facing server using TLS, which does the same to DuoCircle.

The idea is that I also make it work in reverse using the MX GuardDog
setup, but that's still a work in progress.

The end goal is that I move some of the front machine's activities back
over to a local machine and cut the cord between the external and
internal services, closing off the bridge between the machines.

But since Postfix does not really want to play the game today, that
might be a bit later on in the day.

-Kevin
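The outbound chain described above (BBS in cleartext into wm.ec.je, wm to the front-facing server over TLS, front server to DuoCircle over TLS with authentication), written out as Postfix settings. This is an added example, not Kevin's configuration and not anything published by DuoCircle. It assumes both wm.ec.je and the front server run Postfix; that the front server is reachable from wm as mx5.example.net on a dedicated port 2525 (hostname and port are placeholders); that the front server holds a CA-signed certificate for that name; that the BBS is 192.0.2.10 and wm's VPN address is 10.8.0.2 (documentation-range placeholders); and that DuoCircle's relay endpoint is smtp.duocircle.example:587 with SASL credentials (placeholders to be replaced with what DuoCircle actually issued).

```ini
# ---- wm.ec.je : /etc/postfix/main.cf (added example; hostnames/addresses are placeholders) ----
myhostname = wm.ec.je
# Accept cleartext SMTP only from the BBS on the local segment. The Wildcat! box
# cannot do TLS, so the trust boundary is the cable between the two machines.
mynetworks = 127.0.0.0/8, 192.0.2.10/32
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
# Never deliver directly from Paris: every outbound message goes to the front server.
relayhost = [mx5.example.net]:2525
# "secure" = TLS is mandatory AND the server certificate must chain to a trusted CA
# and match the nexthop name mx5.example.net. If either check fails Postfix defers
# the mail (it stays in the queue) instead of silently falling back to cleartext,
# which is what the opportunistic default "may" would do.
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1

# ---- front-facing server : /etc/postfix/master.cf (one extra service) ----
# Dedicated inbound listener for wm only, separate from the public MX on port 25,
# which must stay opportunistic because Internet senders cannot be forced into TLS.
# Requires STARTTLS before any mail is accepted and allows relaying only from wm's
# VPN address; wm is deliberately NOT in the global mynetworks, so it cannot
# relay in cleartext through port 25 by mistake.
2525      inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/wm-relay
  -o mynetworks=127.0.0.0/8,10.8.0.2/32
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination

# ---- front-facing server : /etc/postfix/main.cf ----
myhostname = mx5.example.net
smtpd_tls_cert_file = /etc/letsencrypt/live/mx5.example.net/fullchain.pem
smtpd_tls_key_file  = /etc/letsencrypt/live/mx5.example.net/privkey.pem
mynetworks = 127.0.0.0/8
# Hand everything to DuoCircle over mandatory, certificate-verified TLS with SASL auth.
relayhost = [smtp.duocircle.example]:587
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Without TLS, refuse mechanisms that would send the password in the clear;
# once TLS is up, PLAIN/LOGIN are acceptable.
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous

# ---- front-facing server : /etc/postfix/sasl_passwd ----
# chmod 600 this file, then run: postmap hash:/etc/postfix/sasl_passwd
[smtp.duocircle.example]:587  relay-user:relay-password
```

After `postfix reload`, check the mail log with `smtp_tls_loglevel = 1`: a hop at level `secure` should log "Verified TLS connection established to ..."; an "Untrusted" or "Anonymous" TLS line means the certificate was not verified, and at `secure` Postfix defers rather than sends in that case. If the front server's certificate is self-signed (a common source of the "TLS errors everywhere" seen on the inbound side), `secure` cannot work; the Postfix alternative is `smtp_tls_security_level = fingerprint` with `smtp_tls_fingerprint_digest = sha256` and `smtp_tls_fingerprint_cert_match` set to that certificate's fingerprint, which pins the peer without needing a CA.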