1

I'm looking to create a black box solution that an IT administrator for an organization could easily install. They could pop it into the server rack and direct all incoming and outgoing email through it.

It would do some analysis of these emails (similar to anti-virus software) and then send the emails on their merry way. To be more specific, I want to create a digital fingerprint of the email and its attachments, which would be stored on the machine and also sent to an off-site server.

First off, in a general sense: is this a reasonable way to make this work? Do you see any pitfalls, either technically or politically, for an IT department to install this if requested by management?

To follow on from that: what kind of open source or off-the-shelf solutions could be used as a base for this system? The analysis and fingerprint software we have already.

We are in the early stages of designing this solution, so I'm open to ideas.

Derek Organ
  • Could you expand on what you mean by a "digital fingerprint" and what it's going to be used for? – Dan Carley Jun 22 '09 at 09:21
  • Hi Dan, it's not really relevant to the question. It doesn't affect the email in any way. I want to read the emails, do my own thing, then send the email on as normal. – Derek Organ Jun 22 '09 at 09:35
  • Fair enough. But for the purposes of the question, you just need the entire contents of the message available to you, right? – Dan Carley Jun 22 '09 at 09:41
  • Yes we would need to read all the headers, body and attachments. We can parse the MIME format. – Derek Organ Jun 22 '09 at 10:09

4 Answers

1

It's a little bit subjective as everybody has their favourite MTA.

I'd like to offer up Exim though.

For the reasons I gave here and I know it's possible to do what you're after.

Dan Carley
1

You could go with your preferred Linux/BSD distribution (I'd choose Debian for its maintenance quality, ease of use and upgrade), with your favorite MTA (postfix is all the rage currently, but exim or sendmail are OK), ClamAV to kill viruses, spamassassin to filter spam, stick webmin atop as a GUI, et voilà!

It shouldn't take more than a day to set up to a seasoned administrator. There are tons of examples and tutorials about this out on the internets.

If you install a base debian (without X),

aptitude install postfix clamav-milter spamass-milter

should already give you a working mail server with spam and virus filtering.

wazoox
  • Nice, this is the kind of thing I'm looking for. Regarding the configuration: what if I then want to write my own filtering add-on to the mail server and not run any anti-virus? This will be a black box solution that will be in the same setup as an existing spam filter system. I just want to relay everything and analyze it on the way through. – Derek Organ Jun 22 '09 at 14:17
  • It's easy as cake with postfix, see: http://www.postfix.org/FILTER_README.html#simple_filter – wazoox Jun 22 '09 at 17:29
1

This would be fairly simple to do using any MTA, but for my example and for sake of what is popular (and what you can receive a lot of free support for) I will use postfix.

In the master.cf file, they have the option to pipe messages to a 'spawn'ed process. You can create a program - in perl, php, c or your language of choice - then pipe the message to this program to do any kind of fingerprinting you want on it. This program would handle uploading the fingerprints to an external server.

The command would go at the end of master.cf, like so:

policy  unix    -       n       n       -       -       spawn
    user=nobody argv=/usr/bin/perl /path/to/program.pl

You then add a policy service line to main.cf under 'smtpd_recipient_restrictions =' such as:

check_policy_service unix:private/policy

This will launch the script on every recipient; you would write this policy script to only allow messages through if the fingerprint is successful. Also of note, check_policy_service can connect to a TCP socket, so if your fingerprint software is running as a TCP server somewhere you could connect to it directly.

As far as any technical or political pitfalls - technically it puts another link in the chain, another point of failure, so it weakens the stability of the system a bit. Politically, it totally depends on your users - legally in the US an employer can do just about anything with work e-mail. I'm sure they wouldn't be happy (depending on what you are doing - it is not clear what this fingerprinting accomplishes) but would probably get used to it.

Dave Drager
  • That sounds quite good. Someone else has suggested checking out MailScanner... any experience with this, or do you foresee any issues with it? – Derek Organ Jun 22 '09 at 14:39
  • MailScanner is an addon to the MTA itself. You should be able to get your program working with it as well, but it seems like an unnecessary additional step if all you are doing is the fingerprinting of messages. I've used MailScanner reliably for at least 4 years on a machine, so it works very well. – Dave Drager Jun 22 '09 at 15:04
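An added example in Python (not Dave Drager's or wazoox's code, and in Python rather than the Perl the answer suggests): a Postfix check_policy_service delegation only receives envelope attributes such as sender and recipient, never the message body, so the fingerprinting has to sit where the full message is available; this script is the pipe(8) "simple filter" from the FILTER_README link in wazoox's comment, computing SHA-256 fingerprints of the raw message and of each MIME attachment and then reinjecting the message unchanged. It assumes a master.cf pipe transport that invokes it as `filter.py -f ${sender} -- ${recipient}` and leaves the local and off-site fingerprint store as a placeholder print; the sample message is constructed here for testing.

```python
import hashlib
import subprocess
import sys
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

def fingerprint_message(raw: bytes) -> dict:
    """SHA-256 of the whole message and of each attachment; no content is kept."""
    msg = message_from_bytes(raw, policy=default)
    attachments = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        attachments.append({
            "filename": part.get_filename() or "(unnamed)",
            "content_type": part.get_content_type(),
            "sha256": hashlib.sha256(payload).hexdigest(),
        })
    return {
        "message_id": msg.get("Message-ID", ""),
        "from": msg.get("From", ""),
        "sha256": hashlib.sha256(raw).hexdigest(),
        "attachments": attachments,
    }

def reinject(raw: bytes, sender: str, recipients: list) -> int:
    """Hand the unmodified message back to Postfix the way FILTER_README's
    simple filter does; a non-zero exit makes Postfix defer, not drop."""
    cmd = ["/usr/sbin/sendmail", "-G", "-i", "-f", sender, "--", *recipients]
    return subprocess.run(cmd, input=raw).returncode

def sample_message() -> bytes:
    """Constructed test input (not from the thread): body plus one attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.org", "bob@example.com"
    m["Subject"], m["Message-ID"] = "Q2 report", "<sample-1@example.org>"
    m.set_content("Report attached.")
    m.add_attachment(b"col1,col2\n1,2\n", maintype="text",
                     subtype="csv", filename="q2.csv")
    return m.as_bytes()

if __name__ == "__main__":
    # Assumed master.cf wiring: argv=/path/to/filter.py -f ${sender} -- ${recipient}
    if len(sys.argv) > 3 and sys.argv[1] == "-f" and sys.argv[3] == "--":
        raw = sys.stdin.buffer.read()
        print(fingerprint_message(raw), file=sys.stderr)  # placeholder for the local/off-site store
        sys.exit(75 if reinject(raw, sys.argv[2], sys.argv[4:]) else 0)  # 75 = EX_TEMPFAIL
    print(fingerprint_message(sample_message()))  # stand-alone run on the constructed sample
```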
0

Companies like MessageLabs and EmailSystems provide SaaS solutions for this kind of thing. McAfee do an appliance which also hits some of your points.

Are you looking to build a free version of something similar? If so, have you checked VMware's appliance listings, as I'm sure I've seen some on there.

Joel Mansford
  • The software we have already will do the analysis on the emails. I'm looking to integrate this with a mail relay. So I would be building a custom solution that IT departments in organizations could install. In other words, I want to know what software I can use that does the mail relay part but is open source enough to allow me to add our software to it. So a hosted solution wouldn't help. – Derek Organ Jun 22 '09 at 09:34
  • In which case I would just use Postfix. Loads of options in there to process the emails on their way through. – Joel Mansford Jun 22 '09 at 10:31