Unix
Maitland Bottoms
bottoms@radar.nrl.navy.mil
Tue, 8 May 2001 13:56:35 -0400
Rob, I think maybe Skip is referring to certain virus propagating
platforms that are best isolated from the Internet as much as possible
- the best way to do that usually involves stable and secure computing
platforms, which are quite often Unix-based.
Mind that these techniques effectively break some fundamental design
rules of the Internet[1] and are therefore evil.[3] Also evil is that
the time and effort spent upon these things is most likely better
spent upon end-user education and in getting rid of the problematic
email tools. Problem solution is even better than problem avoidance.
I need to stress that any plan to deploy tools like these needs to
include a plan for their eventual removal.
That said, here are things I have put on testbed systems:
MIMEDefang - http://www.roaringpenguin.com/mimedefang/
AMaViS - http://www.amavis.org/
- http://sourceforge.net/projects/amavis/
as well as some draconian procmail[5] rules for individuals who
benefit from them.
Some of this involves playing with bleeding edge sendmail. While not
entirely a bad thing, it is not for the faint of heart. At the very
least, pore over http://www.sendmail.org, http://www.sendmail.net and
news:comp.mail.sendmail for info.
One piece of positive news for Unix serving email to client software:
Qualcomm has released Qpopper 4.0 as a free, open-source product.[6] The
TLS/SSL support it provides is a good thing.
Be careful out there.[7]
-Maitland
[1] Some Internet design goals:
1 - reliable data delivery
2 - fast and efficient
3 - scalable
Broken by email filters how?[2]
1 - alters the message in transit
2 - takes much more processing power, memory etc. to determine
valid messages
3 - decisions made by email filters are best done at the
communications endpoints rather than in the middle
[2] Similar things can be said about firewalls.
[3] Evil how?
- IT implements draconian firewall and email filters. Email
delivery is delayed.
- employee says to spouse "Sorry honey, I didn't get your email
message before I left work. Next time send it to my hotmail[4]
account."
- employee, now routinely bypassing IT security measures, becomes
a virus vector. Shared drive files are infected.
- What was the point of scanning anyways?
Speed and reliability have powerful effects upon human
psychology. It is better to work with those tendencies than against
them.
[4] Or personal ISP or even foreign hosted web email account...
[5] http://www.procmail.org/ (naturally) but also
http://www.ii.com/internet/robots/procmail/
[6] http://www.eudora.com/qpopper/
[7] Skip mentions Sun and SGI. Well, I'm not even running IRIX systems
connected to the Internet anymore, and I found
http://www.securityfocus.com/ has a nice walk through on securing
Solaris ( "Sun" tab, "Solaris Security" item on left hand navigation
bar.) Also, http://www.sunfreeware.com/ is a big help in getting handy
tools installed[8]. If it weren't for Microsoft, SGI and Sun would be at
the top of the list of systems that are not secure with a default
installation.
[8] Could it be that OpenSSH is the handiest of handy tools?
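Added example, not part of Maitland's message and not code from MIMEDefang or AMaViS: a minimal gateway-side attachment filter in Python of the kind those tools perform, using only the standard library. It parses a message as a mail gateway would, replaces attachments whose extension is on a block list with a plain-text notice, and hands back the rewritten text. The block list, the sample message, the `MZ` stand-in bytes and the notice wording are all constructed for the example. Running it makes footnote [1] concrete: whenever something is stripped, the message that leaves the gateway is not the message that entered it.

```python
import os
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Constructed block list for this example; a real gateway tunes it to local policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".vbs", ".bat", ".com"}

# Constructed notice text inserted where a stripped attachment used to be.
NOTICE = "[gateway] attachment {name} removed by filtering policy\n"


def build_sample_raw() -> str:
    """Constructed test message: a text body plus one blocked and one
    harmless attachment. The bytes in report.exe are a stand-in, not a binary."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "quarterly report"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 12,
                       maintype="application", subtype="octet-stream",
                       filename="report.exe")
    msg.add_attachment("just some notes", filename="notes.txt")
    return msg.as_string()


def filter_raw(raw: str) -> tuple[str, list[str]]:
    """Parse one message as a gateway would, strip attachments whose file
    extension is blocked, and return (rewritten message, stripped names).
    The returned text differs from the input whenever anything was stripped:
    that is the in-transit alteration footnote [1] objects to."""
    msg = message_from_string(raw, policy=default)
    stripped: list[str] = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no attachment themselves
        name = part.get_filename()
        if not name:
            continue  # inline body text, no filename to judge
        if os.path.splitext(name)[1].lower() in BLOCKED_EXTENSIONS:
            stripped.append(name)
            # Drop the payload and every Content-* header (including the
            # Content-Disposition that named the file), keep other headers,
            # then turn the part into a plain-text notice.
            part.clear_content()
            part.set_content(NOTICE.format(name=name))
    return msg.as_string(), stripped


def remaining_attachment_names(raw: str) -> list[str]:
    """Filenames still present in a message, used to check the filter's work."""
    msg = message_from_string(raw, policy=default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


if __name__ == "__main__":
    original = build_sample_raw()
    rewritten, removed = filter_raw(original)
    print("stripped:", removed)
    print("remaining:", remaining_attachment_names(rewritten))
    print("bytes before/after:", len(original), len(rewritten))
```

The filter judges only the declared filename, which is why the post's footnotes matter: a gateway pays parsing cost on every message and still has less context than the recipient's own client, so the decision is cheaper and better informed at the endpoint.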