developing smtp proxy

Hi ,

I want to develop a solution in which all of the mails with attachment
will undergo a minor change i.e i will add some kind of watermarking.

For that i want to develop some kind of smtp proxy server which will
do the work of watermarking , further it will forward the mail to
actual smtp server.

Any pointers related to development of proxy server would be really
helpful.

Rgds,
Raan

Won't mimedefang/milter be a solution for this?

-- 

  //Aho

In article < XXXX@XXXXX.COM >,




I suggest that you don't do this, particularly if you are desperate 
enough for clues on how to proceed that you are asking here. A lot of 
people have written tools to do this sort of thing, and a very large 
fraction of them have been done quite badly. There are significant 
subtleties with an MTA making changes to a message body, and doing it in 
the safest possible way is not always simple. 

Instead, I suggest that you look at MIMEDefang 
( http://www.**--****.com/ ) which is a free "Milter" program that can do 
exactly what you describe except that it does so as a plug-in to 
Sendmail or Postfix rather than as an extra transport step. The 
advantage to using a very mature piece of software like MIMEDefang 
instead of writing your own is that you will be able to benefit from 
years of testing by thousands of sites with billions of messages and a 
great deal of refinement of the code over those years.

-- 
Now where did I hide that website...

Hi ,

Is direclty using milter better or using mimedefang would be better.

What are the pros and cons of each other.

Raan

MIMEDefang is a milter.


As Bill Cole pointed out, MIMEDefang is very well tested as well as 
being extensible.  There is also a large user base / support base with 
MIMEDefang that you can call on for support if you need it.



Grant. . . .

It depends on what you're trying to do.  "Directly" using milter,
I assume, means using Sendmail's reference libmilter and writing your
filter in C.


MIMEDefang is written in Perl.  Using libmilter directly means writing
C or C++ code.  So:

Pros of MIMEDefang:

o Perl is way more appropriate than C for mangling chunks of text.
o MIMEDefang is much easier to start using than straight libmilter.
o You can take advantage of 100001 CPAN modules, so your filter is probably
  98% written already.
o You don't need to worry about buffer overflows, pthreads
  synchronization issues, etc. because those issues have be taken care
  of by MIMEDefang.  (I'm fairly confident of that, anyway!)

Cons of MIMEDefang:

o Perl uses way more memory than C (unless you write bizarre C.)
o Perl is potentially much slower than C, depending on what you're trying to do.
o MIMEDefang doesn't map all of libmilter's callbacks, so you do lose a little
  flexibility.

All in all, I'd strongly recommend going with MIMEDefang first because
you can whip up a filter in a few minutes.  Then if (and only if) you
determine that the function can't be done efficiently/effectively in
Perl, write a C milter.

Regards,

David.

Hi All,

Thanks for providing me information.

I have one more question specific to MIMEDefang.

I want to change my attachment say abc.doc to encrypted abc.doc.

I was searching for various methods available but I could only find
the method for changing the attachment with URL. I could not find any
method that could replace my attachment .

Can you tell me how can I only replace the attachment of the mail with
another document.

Rgds,
Raan

*nod*


Ok...


Ew, that is not a question.  That is an entire 55 galen drum of worms, 
if not multiple.


Really, it's going to be the same procedure as used to replace the 
attachment with a URL.  That is to say you will be identifying and 
removing the attachment, processing it, and putting something back in 
its place.  In your case you are just wanting to put an encrypted 
attachment back verses a URL.


Encrypting the attachment is not as easy as you might think.  You have 
to have support with in the attachment in question for encryption or you 
have to use an encrypting wrapper.  There is also the problem of what 
encryption method / key do you use based on each recipient.

If you are just wanting to protect the message and its included 
attachment(s) from prying eyes I suggest that you look at encrypting the 
entire message including attachment(s).  Presently S/MIME and PGP are 
the two main standards that I'm aware of.

Is it possible to come up with something to take a non encrypted message 
and encrypt it, sure.  However you will still have to deal with which 
encryption key to use based on which recipient.



Grant. . . .

[...]


You need to use the MIME::Tools interface to do that.  See the
following man pages for starting points:

          mimedefang-filter
          MIME::Entity

Regards,

David.

Hi All,

Thanks for your input.

My encryption mechanism and software is already developed as
webservice , and it is already used by other applications.
Thus the key management and encryption mechanism is already available
as web service.

Now i have to plugin to sendmail. We have already thought of all
issues related to key and encryption.

But i m newbie to sendmail and mimedefang.

I want to perform the following things

1. Storing the document in some place.
2. Calling the web service from the filter or filter-end method and
storing the returned encrypted file.
3. Changing the attachment with new attachment.

thus i have two questions

First is related to MIMEdefang. how can i change the attachment in
mimedefang ?

Second is it possible to call web service from perl ?

Regards,
Raan

You are welcome.


Ok...


...


Hum... (See below.)


I don't have any experience so I can't say for sure.  Seeing as how 
MIMEDefang is written in Perl and Perl has the tools / libraries to read 
MIME structures and alter them I see no reason why you could not use 
MIMEDefang to run your own Perl code to do that.  David?


Again I have not done it my self, but I have done many other things from 
Perl including writing my own SMTP engine and used other libraries to 
pull (HTTP GET) data from web servers.  I see no reason why you could 
not write something that communicates with web pages.  If you do go this 
route, I'd recommend that you look in to how things like SOAP work (with 
XML) so you are not screen scraping.

However based on the method that you have out lined above, I would 
suggest that you not do this as a milter but rather as a delivery agent. 
  That is to say I'd recommend that you use something like MailerTable 
to route messages that need to be encrypted in to your encryption 
gateway mailer (delivery agent).  Have said mailer deliver the message 
in to a queue and finish the SMTP process.  Then you could have another 
process take the message and use the web app that you have in place and 
take the output and re-mail it to the proper recipient as an entirely 
new message.  Now if your web app was a front end to an encrypting back 
end, you might be able to have a milter communicate with the same back 
end code.

I think I would seriously evaluate whether or not this qualifies (as I 
understand what you have laid) as a process that should run in a milter 
or not.



Grant. . . .