diff options
| author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-08-20 21:22:08 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-08-20 21:22:08 +0200 |
| commit | 8eb056260ff022da9857690790d10385f3431465 (patch) | |
| tree | e36a81f6567022e24bc20cd94c89bf680243b207 | |
| parent | b302204ce7ddf7fb15284fd7c1cba19b279ba3c2 (diff) | |
Configuring sender anonymization on the MSA.
| -rw-r--r-- | fripost-docs.org | 52 |
1 files changed, 45 insertions, 7 deletions
diff --git a/fripost-docs.org b/fripost-docs.org index 794705a..ea8a762 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -159,6 +159,9 @@ sudo aptitude install logcheck syslog-summary # | There is no way to get rid of the warning `Fixed query_filter [...] is probably useless'. # It is harmless in our case, since the search base is precise enough. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtpd|cleanup|trivial-rewrite|postmap)\[[0-9]+\]: warning: dict_ldap_open: /etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf: Fixed query_filter \(\&\(ObjectClass=virtualAliases\)\(mailLocalAddress=\)\(isActive=TRUE\)\) is probably useless$ +# | Untrusted connections should be taken care of on the client's side. +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: Untrusted TLS connection established from +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [._[:alnum:]-]+\[[0-9.:]+\]: (Unt|T)rusted: subject_CN=.*, issuer=.*, fingerprint= ** Configuring aptitude and friends @@ -1473,8 +1476,16 @@ can be obtained by the command echo -ne '\000user@fripost.org\000user' | openssl base64 +or slightly better (does not write password in your ~/.bash_history) + + read U PW; echo -ne "\000$U\000$PW" | openssl base64 + **** Anonymize the senders +***** Overview + +Reference: https://we.riseup.net/debian/mail#getting-your-postfix-anonymized + If RoudCube automatically anonymize the sender (by simply shortening the trace), it's not the case (by default) for SquirrelMail, or when clients connect via ESMTP/ESMTPS/ESMTPA/ESMTPSA. Here are a couple of traces we want @@ -1549,9 +1560,7 @@ valid certificate, and in case of an SMTP relay, the early part of the trace (before it entered our Postfix sever) remains unchanged. For example, the early part of the third trace would become: - Received: from localhost (localhost [127.0.0.1]) - (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) - (Client CN "", Issuer "" (not verified)) + Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: username) by fripost.org (Postfix) with ESMTPSA id 40284804F5 for <recipient@example.org>; Thu, 22 Mar 2012 14:48:01 +0100 (CET) @@ -1563,10 +1572,10 @@ smtp_header_checks. In that case, the corresponding file would contain the following rexep, forging the header by pretending that the client has EHLO'ed from localhost: - /^Received:\s+from (\S+)\s+\(\S+\s+\S+\)(.*\sby fripost\.org \(Postfix\)\s+with E?SMTP(S|A|SA)\W.*)$/ - REPLACE Received: from localhost (localhost [127.0.0.1])${2} + /^Received:\s+from\s+(\S+\s+\([-._[:alnum:]]+\s+\[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender:\s+([^)]+)\).*(by\s+smtp\.fripost\.org\s+\([^)]+\)\s+with\s+E?SMTPS?A?\s+id\s+[A-F[:digit:]]+.*)/ + REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$2(Authenticated sender: $3)${2}$4 -You can try out the regexp using "postmap -h -q - regexp:smtp_header_checks < email" +You can try out the regexp using "postmap -h -q - regex:/etc/postfix/smtp_header_checks < email" (where `email' may also be a bunch of traces). DISCLAIMER: The regexp probably needs tests (especially for multiple hops, @@ -1578,6 +1587,36 @@ responsability to masquerade it I suppose. In the same way, the CN and Issuer of the client's certificate may help to track him/her down. Maybe we should forge these as well? +***** Install packages + + apt-get install postfix-pcre + +***** Configure postfix + + :: /etc/postfix/smtp_anonymize_sender.pcre + + /^Received:\s+from\s+(\S+\s+\([-._[:alnum:]]+\s+\[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender:\s+([^)]+)\).*(by\s+smtp\.fripost\.org\s+\([^)]+\)\s+with\s+E?SMTPS?A?\s+id\s+[A-F[:digit:]]+.*)/ + REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$2(Authenticated sender: $3)${2}$4 + + + :: /etc/postfix/main.cf + + smtp_header_checks = pcre:$config_directory/smtp_anonymize_sender.pcre + + +By default, postfix logs the header checks (or rewrites in our case). +For privacy reasons, we drop these when they entery syslog: + + :: /etc/rsyslog.conf + + # Do not log our Postfix's header rewrites, that are meant to + # anonymize senders. + :msg, ereregex, "^ [[:alnum:]]+: replace: header Received: from" ~ + [...] + auth,authpriv.* /var/log/auth.log + *.*;auth,authpriv.none -/var/log/syslog + [...] + ** Configuring the webserver sudo apt-get install apache2 @@ -1809,7 +1848,6 @@ mv hooks/post-update.sample hooks/post-update echo "Mötesprotokoll" > fripost-meetings.git/description - ** Logging *** Overview We want to limit how much we log for privacy reasons. At the same time we want |