3615 EC - BBS.EC

More security

id: 6487c5bd-631a-493a-9590-40823d132fb3
Date: Sun, 03 Nov 2019 15:09:32 +0100
From: Kévin COSTELLOE <kevin@mmn.on.ca>
Subject: More security #general #mail
Message-Id: <1572790172@bbs.ec>
Organization: MMN
To: announcements@mmn.groups.io
X-Mailer: wcMail v6.3.452.5
X-Wildcat-Message-Id: <1572790172.1.0@bbs.ec>

Hello Internautes !

In an effort to make inbound email more secure, I set up a relay between the external server (mx5 in Virginia, US) and the internal servers (the BBS & wm based in Paris, France).

At the moment, the inbound side is not getting the desired effect (TLS errors everywhere, thanks Postfix) but a side effect is that outbound is much more encrypted than before.

The biggest problem to work with is that the Wildcat! server does not handle SSL very well, so to set up outbound mail relay, I had to create a server at DreamCompute to receive mail via a VPN and toss it off into the wild via Mailhop.org (now DuoCircle) while also authenticating.

Until a few minutes ago, the BBS would connect to the machine in the US unencrypted over the VPN then send it off to DuoCircle encrypted.

Obviously, no matter what, one cannot trust the Americans. Now the setup is that the server locally wm.ec.je now accepts mail unencrypted from the BBS (they're less than a metre apart), wm then relays off to the front facing server using TLS, which does the same to DuoCircle.

The idea is that I also make it work in reverse using the MX GuardDog setup, but that's still a work in progress.

The end goal is that I move some of the front machine's activities back over to a local machine and cut the cord between the external and internal services, closing off the bridge between the machines.

But since Postfix does not really want to play the game today, that might be a bit later on in the day.

-Kevin
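
An added example, not part of the original announcement: one way to check the hop-by-hop result described above is to read the `Received` headers of a delivered message and flag every hop the receiving server did not record as ESMTPS/ESMTPSA (the RFC 3848 keywords for SMTP over TLS). The sample message, its addresses and the `.invalid` host names are constructed; only `wm.ec.je` comes from the post.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>\w+)",
    re.IGNORECASE | re.DOTALL)

# Constructed sample: BBS -> wm.ec.je (plain), then two TLS hops outward.
SAMPLE = """\
Received: from front.example.invalid (front.example.invalid [192.0.2.10])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby relay.example.invalid (Postfix) with ESMTPS id 3C3C3C
\tfor <user@example.org>; Sun, 03 Nov 2019 15:10:05 +0100
Received: from wm.ec.je (wm.ec.je [192.0.2.20])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby front.example.invalid (Postfix) with ESMTPS id 2B2B2B; Sun, 03 Nov 2019 15:10:03 +0100
Received: from bbs.example.invalid (bbs.example.invalid [192.0.2.30])
\tby wm.ec.je (Postfix) with ESMTP id 1A1A1A; Sun, 03 Nov 2019 15:10:01 +0100
Subject: constructed sample

body
"""

def hops(raw_message):
    """Return [(sender, receiver, protocol, used_tls)] in delivery order."""
    result = []
    # Each server prepends its header, so the last one is the first hop.
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        m = HOP_RE.search(header)
        if m is None:
            # Unparseable header: do not count the hop as encrypted.
            result.append((None, None, None, False))
            continue
        proto = m.group("proto").upper()
        result.append((m.group("src"), m.group("dst"), proto, proto in TLS_PROTOCOLS))
    return result

def plaintext_hops(raw_message):
    """Return (sender, receiver) for every hop not recorded as TLS."""
    return [(src, dst) for src, dst, _, tls in hops(raw_message) if not tls]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'PLAINTEXT'})")
```

Only the headers written by servers you operate are trustworthy; anything below them in the message can be set by the sender.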