[Mimedefang] Scary... Filtering on the outbound.
David F. Skoll
dfs at roaringpenguin.com
Mon Feb 21 13:33:25 EST 2005
On Mon, 21 Feb 2005, Paul Murphy wrote:
> Alternatively, implement an encryption policy which requires that
> all encrypted messages must also include a corporate key, so that
> the filtering system (and possibly an archiving system as well) is
> capable of decrypting and checking messages.
That's an intriguing and clever idea.
> How you protect the passphrase for this key when it is used within
> MIMEDefang is a concern, but as the mail filter needs to be a secure
> system in the first place, it is not an issue I see as being major.
Actually, I see that as a huge issue. If the key is ever compromised,
then every piece of e-mail you've ever sent out is vulnerable to
decryption. That makes the MIMEDefang machine a very tempting target.
I suppose if you archive messages in cleartext, the archiving machine
is an equally tempting target. However, there are ways of securing
that machine (having it communicate with the mail server over a serial
line using a homemade protocol, and not having it use TCP/IP at all,
for example) that are not really feasible for a filtering machine.
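One way to enforce the policy quoted above (every encrypted outbound message must also be encrypted to a corporate key), as an added example that is not part of this thread, of MIMEDefang, or of any project mentioned here. It parses the OpenPGP packet headers (RFC 4880) that precede the encrypted data and lists the key IDs carried in the Public-Key Encrypted Session Key packets, then checks that the corporate key ID is among them. The check works by inspection alone, so the filtering machine never needs the corporate private key or its passphrase; only an archive that actually decrypts would hold it, which narrows the exposure discussed in the reply. The corporate key ID, the sample messages and the armor text are constructed placeholders, and a hidden recipient (the all-zero wildcard key ID) is treated as a policy violation because it cannot be verified by inspection.

```python
import base64

# Constructed corporate escrow key ID (hypothetical placeholder, not from the thread)
CORPORATE_KEY_ID = "0123456789ABCDEF"

PKESK = 1    # Public-Key Encrypted Session Key packet (RFC 4880 section 5.1)
SKESK = 3    # Symmetric-Key (passphrase) Encrypted Session Key packet
SED = 9      # Symmetrically Encrypted Data packet
SEIPD = 18   # Symmetrically Encrypted Integrity Protected Data packet
WILDCARD_KEY_ID = "0000000000000000"  # "hidden recipient" (RFC 4880 section 5.1)


def dearmor(text: str) -> bytes:
    """Strip an ASCII-armored PGP MESSAGE block down to its binary packets."""
    lines = text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP MESSAGE"))
    except StopIteration:
        raise ValueError("no PGP MESSAGE armor found")
    body, in_headers = [], True
    for line in lines[start + 1:]:
        s = line.strip()
        if in_headers:
            if s == "":            # blank line ends the armor headers
                in_headers = False
                continue
            if ":" in s:           # armor header such as "Version:"
                continue
            in_headers = False     # producer omitted the blank line
        if s.startswith("-----END"):
            break
        if s.startswith("="):      # CRC-24 line
            continue
        body.append(s)
    return base64.b64decode("".join(body))


def _read_packet(data: bytes, pos: int):
    """Parse one packet header at pos; return (tag, body_start, body_end)."""
    hdr = data[pos]
    if not hdr & 0x80:
        raise ValueError(f"invalid packet header at offset {pos}")
    if hdr & 0x40:                 # new-format header
        tag, first = hdr & 0x3F, data[pos + 1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[pos + 2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
        else:                      # partial body length; only seen on the data packet, where we stop
            length, off = 1 << (first & 0x1F), 2
    else:                          # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:             # indeterminate length: packet runs to end of input
            length, off = len(data) - pos - 1, 1
        else:
            n = (1, 2, 4)[ltype]
            length, off = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
    return tag, pos + off, pos + off + length


def recipient_key_ids(message: bytes) -> list:
    """Return the hex key IDs of every PKESK packet preceding the encrypted data."""
    ids, pos = [], 0
    while pos < len(message):
        tag, start, end = _read_packet(message, pos)
        if tag in (SED, SEIPD):
            break                  # session-key packets always precede the data packet
        if tag == PKESK:
            body = message[start:end]
            if len(body) < 10 or body[0] != 3:
                raise ValueError("malformed PKESK packet")
            ids.append(body[1:9].hex().upper())   # version(1) | key ID(8) | algo(1) | MPIs
        pos = end                  # SKESK and anything else is skipped
    return ids


def encrypted_to_corporate_key(message: bytes, corporate_key_id: str = CORPORATE_KEY_ID) -> bool:
    """Policy check: corporate key must be an explicit recipient and no recipient may be hidden."""
    ids = recipient_key_ids(message)
    return bool(ids) and WILDCARD_KEY_ID not in ids and corporate_key_id.upper() in ids


# --- constructed sample messages (not real ciphertext) ---
def _pkesk_body(key_id_hex: str) -> bytes:
    # version 3, key ID, algorithm 1 (RSA), dummy 16-bit MPI in place of the encrypted session key
    return b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x10\xab\xcd"

def _packet(tag: int, body: bytes) -> bytes:
    return bytes([0xC0 | tag, len(body)]) + body   # new-format header, one-octet length

SEIPD_DUMMY = _packet(SEIPD, b"\x01" + b"\x00" * 24)
COMPLIANT = _packet(PKESK, _pkesk_body("89ABCDEF01234567")) + _packet(PKESK, _pkesk_body(CORPORATE_KEY_ID)) + SEIPD_DUMMY
NON_COMPLIANT = _packet(PKESK, _pkesk_body("89ABCDEF01234567")) + SEIPD_DUMMY
HIDDEN = _packet(PKESK, _pkesk_body(WILDCARD_KEY_ID)) + _packet(PKESK, _pkesk_body(CORPORATE_KEY_ID)) + SEIPD_DUMMY
OLD_FORMAT = bytes([0x84, len(_pkesk_body(CORPORATE_KEY_ID))]) + _pkesk_body(CORPORATE_KEY_ID) + SEIPD_DUMMY

def armor(message: bytes) -> str:
    """Constructed armor wrapper; the CRC line is a placeholder that dearmor() skips."""
    return "-----BEGIN PGP MESSAGE-----\nVersion: constructed\n\n" + base64.b64encode(message).decode() + "\n=XXXX\n-----END PGP MESSAGE-----\n"

if __name__ == "__main__":
    for name, msg in [("compliant", COMPLIANT), ("non-compliant", NON_COMPLIANT), ("hidden", HIDDEN)]:
        print(name, recipient_key_ids(msg), encrypted_to_corporate_key(msg))
    print("armored", encrypted_to_corporate_key(dearmor(armor(COMPLIANT))))
```

In a filter the raw body of a `multipart/encrypted` part (or an inline armored block) would be handed to `dearmor()` and then to `encrypted_to_corporate_key()`, and a message failing the check would be bounced or quarantined; the filter itself never decrypts anything.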