Mailing List Archive: DBMail: users

adding database rows and customize insert querys

Index | Next | Previous | View Threaded

codystewart at gmail

Dec 17, 2008, 12:39 PM

Post #1 of 12 (1575 views)
Permalink

adding database rows and customize insert querys

I am trying to add some rows to the database for additional
information to be stored and encrypting the body of the message. Can
someone point me to the file that has the actual mysql insert query's.

Version of dbmail is dbmail-2.2.11-rc3.

Thanks,
Cody
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

ml at kiewel-online

Dec 17, 2008, 11:51 PM

Post #2 of 12 (1497 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

Cody Stewart wrote:
> I am trying to add some rows to the database for additional
> information to be stored and encrypting the body of the message. Can
> someone point me to the file that has the actual mysql insert query's.
>

various files:
[root [at] serve src]# grep INSERT *.c | cut -d ":" -f 1 | sort | uniq
dbmail-message.c
dm_acl.c
dm_db.c
dm_sievescript.c
imapcommands.c

HTH,
Uwe
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

codystewart at gmail

Dec 18, 2008, 9:32 AM

Post #3 of 12 (1493 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

Ok I need to encrypt the body of the message before it is stored. Can
someone point me to where the body of the message is stored just
before the INSERT is ran? I have already written this in PHP but I am
not very sharp on my C skills.
Version of dbmail is dbmail-2.2.11-rc3.

Thanks,
Cody
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

paul at nfg

Dec 18, 2008, 11:45 AM

Post #4 of 12 (1496 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

Cody Stewart wrote:
> Ok I need to encrypt the body of the message before it is stored.

How do you figure doing that?

> Can
> someone point me to where the body of the message is stored just
> before the INSERT is ran?
> I have already written this in PHP but I am
> not very sharp on my C skills.
> Version of dbmail is dbmail-2.2.11-rc3.

Why not encrypt the body before feeding it to dbmail? That way you will
also be forward compatible with dbmail-2.3 which uses a completely
different storage model.

--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

codystewart at gmail

Dec 18, 2008, 12:55 PM

Post #5 of 12 (1491 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

> How do you figure doing that?
I have written some code in php to encrypt each message dynamically. I
am looking to implement this code in dbmail so I gain imap support.

> Why not encrypt the body before feeding it to dbmail? That way you will
> also be forward compatible with dbmail-2.3 which uses a completely
> different storage model.

This is a great idea. My problem is I do not know C very well. I am
having a hard time finding where to do this at. Can you point me to
the right spot?
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

aaron at serendipity

Dec 18, 2008, 1:26 PM

Post #6 of 12 (1495 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

On Thu, 2008-12-18 at 14:55 -0600, Cody Stewart wrote:
> > How do you figure doing that?
> I have written some code in php to encrypt each message dynamically. I
> am looking to implement this code in dbmail so I gain imap support.
>
> > Why not encrypt the body before feeding it to dbmail? That way you will
> > also be forward compatible with dbmail-2.3 which uses a completely
> > different storage model.
>
> This is a great idea. My problem is I do not know C very well. I am
> having a hard time finding where to do this at. Can you point me to
> the right spot?

Doesn't need to be in C, you could work in PHP as a command-line
application . Your approach might be to receive email from your MTA by
pipe or by LMTP, and encrypt it as you like, and then pass it on again
by pipe or by LMTP to DBMail.

Aaron

_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

paul at nfg

Dec 18, 2008, 1:34 PM

Post #7 of 12 (1497 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

Cody Stewart wrote:
>> How do you figure doing that?
> I have written some code in php to encrypt each message dynamically. I
> am looking to implement this code in dbmail so I gain imap support.

I mean, like what will a message typically look like after encryption?
Structure and formatting, the actual algorithm. Or should I assume it's
mime compliant?

>
>> Why not encrypt the body before feeding it to dbmail? That way you will
>> also be forward compatible with dbmail-2.3 which uses a completely
>> different storage model.
>
> This is a great idea. My problem is I do not know C very well. I am
> having a hard time finding where to do this at. Can you point me to
> the right spot?

You misunderstand completely. If you encrypt *before* giving the message
to dbmail (through dbmail-lmtpd or dbmail-smtp/deliver) you don't need
to modify dbmail to begin with. I'm thinking filters:

cat message.eml|myencryptingfilter.sh --key $pgpid|dbmail-smtp -u $user

Should you still prefer to hack on dbmail, dbmail-message.c would be a
good place to start.

--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

michael.monnerie at is

Dec 18, 2008, 3:28 PM

Post #8 of 12 (1495 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

On Donnerstag 18 Dezember 2008 Paul Stevens wrote:
> cat message.eml|myencryptingfilter.sh --key $pgpid|dbmail-smtp -u
> $user

Yes, but I think he meant you cannot read it with POP/IMAP then. His
goal seems to be to have encryption on the server, only for the stored
e-mail. BUT then the encryption+key has to be on the server, so in case
of a hacker attack it's still easy for the hacker to get db contents +
encryption tool+keys. And then I ask: what do you want to reach?

mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4

Attachments:

signature.asc (0.19 KB)

vulture at netvulture

Dec 18, 2008, 5:48 PM

Post #9 of 12 (1493 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

I think we could defiantly store the individual parts encrypted in
dbmail_mimeparts and still have the hash on the un-encrypted data. But
the key to encrypt and decrypt would need to be stored/obtained
somewhere for imapd and pop3d to know how to read and write those blobs.
The header caching though would have the un-encrypted lines for the main
envelope (subject line too). Now even if the message is stored as
encrypted blobs, the network traffic will still transmit the message to
the client un-encrypted.

Again this comes back to what parts of the email you need to have encrypted.

-Jon

Michael Monnerie wrote:
> On Donnerstag 18 Dezember 2008 Paul Stevens wrote:
>
>> cat message.eml|myencryptingfilter.sh --key $pgpid|dbmail-smtp -u
>> $user
>>
>
> Yes, but I think he meant you cannot read it with POP/IMAP then. His
> goal seems to be to have encryption on the server, only for the stored
> e-mail. BUT then the encryption+key has to be on the server, so in case
> of a hacker attack it's still easy for the hacker to get db contents +
> encryption tool+keys. And then I ask: what do you want to reach?
>
> mfg zmi
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> DBmail mailing list
> DBmail [at] dbmail
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

michael.monnerie at is

Dec 18, 2008, 6:08 PM

Post #10 of 12 (1493 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

On Freitag 19 Dezember 2008 Jonathan Feally wrote:
> network traffic will still transmit the message to
> the client un-encrypted

So what is the gain to use encrypted storage then? It takes CPU cycles
and doesn't help anything - the way you described it (and it's the way I
understood the OP).

Cody: What was your idea?

mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4

Attachments:

signature.asc (0.19 KB)

paul at nfg

Dec 19, 2008, 12:09 AM

Post #11 of 12 (1493 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

Jonathan Feally wrote:
> I think we could defiantly store the individual parts encrypted in
> dbmail_mimeparts and still have the hash on the un-encrypted data.

That won't work. If the hash cannot be verified against the blob, you
cannot check for key-collisions.

> Again this comes back to what parts of the email you need to have
> encrypted.

My point indeed.

If you follow the filter path by converting all messages to s/mime or
pgp/mime you are up and running. Of course reading email would require
access to the secret key used to encrypt in the first place, which means
you would have to have access to the public keys for all users for whom
you'd wish to encrypt storage. But you'd be home free if you do.

Of course anyone accessing your database could still do traffic analyses
and such on the cleartext header caching tables, but all message content
would be inaccessible.

--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

dbmail at tech

Dec 19, 2008, 2:00 AM

Post #12 of 12 (1496 views)
Permalink

Re: adding database rows and customize insert querys [In reply to]

Cody Stewart wrote:
> I am trying to add some rows to the database for additional
> information to be stored and encrypting the body of the message. Can
> someone point me to the file that has the actual mysql insert query's.
>
Why?

Is this for archiving purposes? or do you plan on just storing the data
encrypted and decrypting on the fly? Unless you plan on separating your
smtp/lmtp from pop3/imap using an asymmetric cipher that'll work but if
you plan on running it on a single box or single dbmail box - why
bother? you'll have the keys in the same place as the data making the
encryption useless.

SG

_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads