Recently we had a Linux consulting opportunity to install and configure a Postfix mail server for a small company. The company wanted “secure” email for their users. One aspect of the request was to create an encrypted login and encrypted communication from the client to the mail server, both for IMAP using Squirrelmail and for connections from the local clients Thunderbird or Outlook. This process is straightforward; however, there is an issue with the word “secure”.
When a client uses a word like “secure”, they often assume a great deal that may not be completely true. In this situation we provided the necessary SSL and TLS configuration so that the clients had encrypted communication for logins and for retrieving mail, whether to their local machine or through the web-based option. That part of the concept of “secure” was in place. However, proper consulting requires you to also help the client understand that, although all of the communication between the client and the server may be secure, once the sent email leaves the mail server on port 25, it is plain text. So passwords and logins are secure, but the actual content of the email is sent out in plain text. The only option here is to use encryption for the content of the email as well, an option that most companies do not want to hassle with.
The other aspect of “secure” is that, in consulting, you also need to encourage clients to use virus checks, SMTP restrictions and filters to control the mail that they certainly do not want.
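The three concerns above (encrypted client logins, the plain-text hop on port 25, and restrictions and filters) can be checked against a Postfix main.cf. The following is an added example, not configuration or code from the project described in this post: the sample main.cf is constructed, the `audit` helper and its finding labels are hypothetical, and the IMAP server's own TLS settings are out of scope.

```python
import re

# Constructed sample main.cf (not the client's real configuration).
SAMPLE_MAIN_CF = """\
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    # continuation lines start with whitespace; comments are skipped
    permit_sasl_authenticated,
    reject_unauth_destination
"""

# smtp_tls_security_level values that refuse to deliver without TLS.
MANDATORY_OUTBOUND = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Return {parameter: value}, joining Postfix continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] = (params[current] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(params):
    """Hypothetical helper: list gaps matching the post's three concerns."""
    findings = []
    if params.get("smtpd_tls_security_level") not in ("may", "encrypt"):
        findings.append("client-tls: STARTTLS not offered on smtpd")
    if params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("client-auth: AUTH accepted without TLS")
    if params.get("smtp_tls_security_level") not in MANDATORY_OUTBOUND:
        findings.append("outbound: port 25 relay can leave in plain text")
    rules = " ".join(params.get(k, "") for k in
                     ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"))
    if "reject_unauth_destination" not in re.split(r"[,\s]+", rules):
        findings.append("relay: reject_unauth_destination missing")
    if not (params.get("content_filter") or params.get("smtpd_milters")):
        findings.append("filter: no content_filter or smtpd_milters scanner hook")
    return findings

if __name__ == "__main__":
    for line in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(line)
```

The same parser accepts the output of `postconf -n`, which prints the non-default settings in `name = value` form. Legacy parameters such as `smtpd_use_tls` are not examined, so a configuration that relies on them will be reported as not offering STARTTLS.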
This project illustrates that Linux consulting requires the consultant to inform the client about their choices and about the bigger picture, which the client often does not appreciate simply because they do not have the necessary background.


