[Mimedefang] FTC asks ISPs to crack down on zombie PCs

James Ebright jebright at esisnet.com
Thu May 26 17:27:29 EDT 2005


On Thu, 26 May 2005 16:22:33 -0400, Josh Kelley wrote

> My MUA doesn't know the final delivery MTA, so it can't encrypt a 
> message for viewing by the final delivery MTA only.  Instead, it 
> uses TLS to encrypt the entire SMTP conversation with my local MTA.  
> My local MTA then takes the plaintext message and passes it on to 
> the next MTA in the delivery chain.  If the next MTA supports TLS, 
> then the message is re-encrypted, passed across the wire as part of 
> an encrypted SMTP conversation, and again decrypted by the next MTA. 
>  And so on to the final location.  TLS encrypts traffic across the 
> wire, but each MTA in the chain sees the message.

Well, I am not 100% sure; most of my info on this is from several O'Reilly
books, and the only one in front of me atm is the Network Security Hacks one,
which does describe TLS like I did above, but...

I believe that sendmail uses Diffie-Hellman key exchange and the MTA only
keeps the master_secret in memory for a short period of time and it must be
redetermined during every conversation, so technically yes, I think a middle
MTA could see it, but it would be a lot more work than I would be willing to
put in to see it in real time. I suppose you could modify the source to store
unencrypted local copies and mirror that in real time.... but I can think of
other easier ways to get copies of your outgoing email if I really wanted them
(like say for a court ordered subpoena).

If the data is that sensitive then use a third party encryption on the message
itself or don't send it via email.

Jim
--
EsisNet.com Webmail Client
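The hop-by-hop behaviour described in the quoted paragraph, and the end-to-end alternative Jim suggests, modelled as an added example that is not from the original thread. The session cipher is a hash-keystream stand-in for TLS record protection so the script runs offline, and the hop names and message are constructed.

```python
import hashlib
import os

HOPS = ["local MTA", "relay MTA", "final delivery MTA"]  # constructed chain

def session_cipher(key, data):
    """Stand-in for TLS record protection: XOR with a SHA-256 keystream
    derived from the per-session key.  Symmetric, so it also decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def relay_chain(payload, hops=HOPS):
    """Push `payload` through each MTA in turn.  Every hop negotiates a
    fresh session secret with the previous one (the ephemeral exchange
    the thread mentions), decrypts the SMTP conversation, and hands the
    result on.  Returns the bytes each MTA had in memory after decryption."""
    seen = {}
    in_clear = payload
    for hop in hops:
        secret = os.urandom(32)                        # per-conversation key
        on_the_wire = session_cipher(secret, in_clear) # sender encrypts
        in_clear = session_cipher(secret, on_the_wire) # receiver decrypts
        seen[hop] = in_clear                           # what this MTA holds
    return seen

def end_to_end(message, recipient_key):
    """Encrypt the body itself before it enters the chain, standing in for
    PGP or S/MIME: MTAs relay ciphertext and only the recipient can open it."""
    return session_cipher(recipient_key, message)

def compare(message=b"Subject: quarterly numbers\r\n\r\nconfidential"):
    """Returns, per MTA, whether the plaintext was visible in each mode."""
    hop_by_hop = relay_chain(message)
    recipient_key = os.urandom(32)                     # held only by recipient
    sealed = relay_chain(end_to_end(message, recipient_key))
    visible = {
        hop: (hop_by_hop[hop] == message, sealed[hop] == message)
        for hop in HOPS
    }
    recovered = session_cipher(recipient_key, sealed[HOPS[-1]]) == message
    return visible, recovered

if __name__ == "__main__":
    for hop, (tls_only, e2e) in compare()[0].items():
        print(f"{hop:20s} sees plaintext: TLS-only={tls_only} end-to-end={e2e}")
```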
