Building a mail application.. some advice appreciated
jeffrey at goldmark.org
Wed Apr 25 21:39:02 UTC 2007
On Apr 25, 2007, at 3:37 PM, David Southwell wrote:
> Iddentification and authentication processess are assisted by the
> containing attachments which are small one time use files that
> should only be
> in the possession of a specific valid user.
Then doesn't this solve your problem? The attachment itself will
serve to sufficiently identify and authenticate the sender. What
more do you need?
>> will not do this within the MTA, but will pass (usually through an
>> alias to a pipe, just like in mailman) the message to some program or
>> script. Whether it's written in perl, python, awk etc is up to you,
>> though there will already be nice packages in perl and python (and
>> lots of other choices) for doing this kind of thing. You will want a
>> system that has nice integration with MySQL. Again, all of the
>> popular scripting languages do.
> I am familiar with gawl/awk and php.
PHP then. awk doesn't have the libraries. I don't know how much
there is for PHP processing mail, but I suspect that there is enough.
>>> Mails that do not comply with the verification requirements need to
>>> be passed
>>> to another server for logging and processing.
>> When you say another "server" do you mean some other service to deal
>> with these, some other mail server or some other host?
> another mail server
Well, then from PHP (if that is what you go with) you can just pass
the message off via PHP's mail submission tools.
>> I would really need to know what the problem is that you are trying
>> to solve really is.
> The focus of the application is around the transmission of small
> one time use encrypted files by identified and authenticated users
> attached to the emails
> plus the interpretation of terse formated data found in the subject
> and body
> of the email.
As I said, the ones with those attachments should be sufficient for
the authentication you need. I guess that it is the terse formated
data ones that are of concern.
Will those messages be generated directly be humans typing them in,
or will there be some sort of program generating them? Quite simply,
how much control or discretion do you have over the email clients?
What sorts of tools are generating the encrypted files? Do you have
any control over those tools?
> Email is the only practical solution.
Yes, I see that from what you described in your answer to my earlier
query. This might also help work around the "webmail" problem. S/
MIME or PGP can be made to work with most email clients, with webmail
being the real stumbling block. You can simply direct anyone using a
webmail system to do their stuff directly over HTTPS to your server
(since those webmail users at those times are capable of having
interactive web based sessions).
Jeffrey Goldberg http://www.goldmark.org/jeff/
More information about the freebsd-ports