@morbiuswilters said: That's convoluted as fuck and also wrong. The incoming SMTP server is for accepting mail addressed to the domain from external domains.
Question: If an outbound email server that you personally configured receives a connection, which AUTHs as a local user, then sends a MAIL FROM that user, and RCPT TOs it to another local user, and (assuming that it doesn't get any 4xx or 5xx codes in the process of doing that) then sends a DATA portion with a message and a final dot, what happens to the message?
I can see three possibilities:
1. It delivers it to the recipient's inbox directly, marking itself as an inbound server, rather than an outbound server. WTF
2. It sends it on to the inbound server. I have it on good authority that this is "convoluted as fuck and also wrong", so I'm betting this isn't the answer.
3. It rejects the message, leaving anyone who was hoping to simply configure one outbound MTA address in their browser SoL.
None of these possibilities seem very good to me, so I am looking forward to finding out how one should really handle this case.
@morbiuswilters said:
@tgape said: As they do TLS[1] talking to it, and the outbound email servers require that the TLS certs verify and are signed by the specific cert authority that signed them, we don't need to worry about people spoofing their IPs or any such crud.
IP spoofing isn't even possible anyway, with or without TLS. And setting up TLS on every client is a real PITA, so it's usually only used to encrypt the message stream and handle server-to-server auth, not client auth.
IP spoofing may be possible if either the attacker can get between the MTA and the machine it is spoofing, or if it can talk on the same channel as the machine it is spoofing, can predict sequence numbers from the MTA machine, the MTA is using an old-style permissive TCP/IP stack, and the attacker can respond more quickly on every packet despite the latency gap. Either case is a pretty high barrier to entry. However, it's technically possible. Most companies don't need to worry about it, because they leave enough other avenues of attack which are far easier to exploit to get the same net result. That having been said, let me refer you back to my comment about paranoid IT Security folk...
However, I apologize for confusing you into thinking that I was talking about setting up TLS on clients when I stated, "The external outbound email servers only accept mail from the internal outbound servers and the external inbound servers. As they do TLS[1] talking to it, ...".
[1] Just so y'all don't seg-fault on a bad pointer, I'll say something about how fricking trivial it is to set up an email client to do TLS on the basis of the host cert only. I believe some clients will just do it out of the box whenever talking to a TLS capable MTA, until you tell them not to. However, I haven't verified this claim. What I have verified is that the companies where I used to be involved with the mailhost teams generally had a lot more DHCP addresses talking TLS than one would expect, given the apparent lack of security awareness of the typical rank and file employee.
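The session described in the post above (AUTH, MAIL FROM, RCPT TO, DATA, final dot), as an added example that is not part of the thread and not taken from any real MTA: a toy SMTP submission state machine in which the three possibilities listed in the post are a `local_policy` switch ("deliver", "forward", "reject") rather than a fixed answer. The domain `example.com`, the mailboxes, the passwords and the host name `submission.example.com` are constructed; the rule that an authenticated user may only use its own address as envelope sender is one policy choice (Postfix exposes the same idea as `reject_sender_login_mismatch`), and relaying to a non-local domain is only ever allowed after a successful AUTH, so the server is never an open relay.

```python
import base64
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed example data (hypothetical): this MTA is authoritative for example.com
# and knows two mailboxes. A real MTA reads these from its config and a user database.
LOCAL_DOMAINS = {"example.com"}
USERS = {"alice@example.com": "s3cret", "bob@example.com": "hunter2"}


@dataclass
class Session:
    # What to do with mail for LOCAL_DOMAINS: "deliver" (to the mailbox here),
    # "forward" (hand it to the inbound MX), or "reject" (this host is outbound-only).
    local_policy: str = "deliver"
    authed_user: Optional[str] = None
    mail_from: Optional[str] = None
    rcpt_to: List[str] = field(default_factory=list)
    in_data: bool = False
    body: List[str] = field(default_factory=list)
    queue: List[Tuple[str, str, str, str]] = field(default_factory=list)  # (disposition, sender, rcpt, body)


def auth_plain(user: str, password: str) -> str:
    """Build the one-line AUTH PLAIN command a client sends (RFC 4616 encoding)."""
    blob = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
    return f"AUTH PLAIN {blob}"


def _addr(arg: str) -> str:
    """'FROM:<Alice@Example.com>' -> 'alice@example.com'; '' if malformed."""
    if ":" not in arg:
        return ""
    return arg.split(":", 1)[1].strip().strip("<>").lower()


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1]


def handle(sess: Session, line: str) -> Optional[str]:
    """Feed one client line to the session; return the server reply (None while inside DATA)."""
    if sess.in_data:
        if line == ".":                                   # end of message
            sess.in_data = False
            text = "\r\n".join(sess.body)
            for r in sess.rcpt_to:
                disp = sess.local_policy if _domain(r) in LOCAL_DOMAINS else "relay"
                sess.queue.append((disp, sess.mail_from, r, text))
            sess.mail_from, sess.rcpt_to, sess.body = None, [], []
            return "250 2.0.0 Ok: queued"
        sess.body.append(line[1:] if line.startswith("..") else line)   # RFC 5321 dot-unstuffing
        return None
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb == "EHLO":
        return "250-submission.example.com\r\n250 AUTH PLAIN"
    if verb == "AUTH":
        mech, _, blob = arg.partition(" ")
        if mech.upper() != "PLAIN":
            return "504 5.5.4 Unrecognized authentication type"
        try:
            _authzid, user, pw = base64.b64decode(blob).decode().split("\0")
        except (ValueError, UnicodeDecodeError):
            return "501 5.5.2 Cannot decode response"
        user = user.lower()
        if user not in USERS or not hmac.compare_digest(USERS[user], pw):
            return "535 5.7.8 Authentication credentials invalid"
        sess.authed_user = user
        return "235 2.7.0 Authentication successful"
    if verb == "MAIL":
        sender = _addr(arg)
        if not sender:
            return "501 5.5.4 Syntax: MAIL FROM:<address>"
        # Policy choice: an authenticated user may only claim its own address as envelope sender.
        if sess.authed_user and sender != sess.authed_user:
            return "553 5.7.1 Sender address rejected: not owned by user"
        sess.mail_from = sender
        return "250 2.1.0 Ok"
    if verb == "RCPT":
        if sess.mail_from is None:
            return "503 5.5.1 Error: need MAIL command"
        rcpt = _addr(arg)
        if not rcpt:
            return "501 5.5.4 Syntax: RCPT TO:<address>"
        if _domain(rcpt) in LOCAL_DOMAINS:
            if sess.local_policy == "reject":             # possibility 3 in the post
                return "550 5.1.1 This host does not accept mail for local users"
        elif not sess.authed_user:                        # relaying requires AUTH: never an open relay
            return "554 5.7.1 Relay access denied"
        sess.rcpt_to.append(rcpt)
        return "250 2.1.5 Ok"
    if verb == "DATA":
        if not sess.rcpt_to:
            return "503 5.5.1 Error: need RCPT command"
        sess.in_data = True
        return "354 End data with <CR><LF>.<CR><LF>"
    if verb == "QUIT":
        return "221 2.0.0 Bye"
    return "502 5.5.2 Error: command not recognized"


def run(lines: List[str], local_policy: str = "deliver") -> Tuple[Session, List[str]]:
    """Drive a whole client transcript through one session; return it with the replies sent."""
    sess = Session(local_policy=local_policy)
    replies = [r for r in (handle(sess, l) for l in lines) if r is not None]
    return sess, replies
```

Running the post's session with `local_policy="deliver"` puts the message in the queue as a local delivery; with `"forward"` it is queued for the inbound server; with `"reject"` the RCPT TO gets a 550. The same transcript without an AUTH step and with a non-local recipient is refused at RCPT TO with 554, which is the check that separates an outbound server from an open relay.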