[nos-bbs] Sending mail to regular addresses via Winlink

Michael Fox - N6MEF n6mef at mefox.org
Wed Jun 22 15:35:54 EDT 2016 

 
> On 6/22/2016 9:47 AM, Michael Fox - N6MEF wrote:
> > Why would you want to take an SMTP client like Thunderbird and have it
> send to JNOS, which would then send to Winlink, which would then send to
> the ultimate address?  Why not just point Thunderbird at any regular SMTP
> server (your own, gmail, etc.) and have it send directly to the recipient
> address?
> The obvious use for this capability in JNOS is the case where normal
> internet access is unavailable. For example, in an EOC that has lost
> internet access and the desire to send/receive 3rd party traffic via
> email exists. This is what Winlink was intended for and, as far as I
> know, only Winlink and RMS currently do.

Obvious?  Winlink is nothing more than an SMTP server with a method to submit via packet.  There's nothing special about that.  In fact, that's exactly what JNOS is.  So the need to use Winlink to send an Internet email is certainly not obvious.

But, as I said before, the JNOS SMTP implementation does not have all of the controls that an Internet-facing SMTP server needs to have now-a-days.  So, wherever a Winlink system exists with a connection to the Internet, you can do the same thing (and much more) with a JNOS system and, say, Postfix (or Sendmail or Exim or ...).  JNOS gives you the ability to submit via packet, including forwarding from any other BBS type, while Postfix/Sendmail/Exim/etc. gives you full control over outbound and inbound connectivity, including passing through virus and spam scanners, dynamic black/whitelist checkers, policy enforcement checkers, etc.  And there's no need for screwy "smtp:" addresses (or "//WL2K" in the subject line for incoming messages).  The JNOS rewrite file handles local stuff, bulletins, NTS, hierarchical packet addresses, etc., eliminating everything but external internet addresses.  Then those go through to the server defined in autoexec.nos with "smtp gateway ...".


> Inappropriate traffic is a potential problem with any Amateur radio
> based messaging system. The obvious way to handle this is to insist that
> a human operator vet and release any outbound traffic that did not
> originate on an Amateur frequency. That removes the fully automated
> operation. It also ensures that inappropriate traffic does not go out
> via JNOS.

Obvious?  You didn't say how.  Are all of the Thunderbird originated messages going into a "hold" mailbox for individual human operator inspection?  That doesn't seem reasonable/scalable.  And the OP didn't say that.  But even if that is so, can a human reliably perform all of the checks that can be automated in a full mail server with any reasonable degree of accuracy or timeliness?  As just one example, will the human inspector be checking every URI in every message to make sure it is not malicious?  I don't think so.  But any reasonably configured mail server will do that and much, much more.


> > Before doing something like that, there would need to be configurable
> security options on the order of modern mail servers (for example,
> Postfix) to control which clients will be allowed to relay and which
> won't, who they can relay to, etc.  It would be easier and far safer to
> set up a regular mail server than to try to replicate those functions
> within JNOS.
> Like I said, there are cases when normal internet access is not
> available. These cases are not normal operation and a "regular mail
> server" (i.e. Linux SMTP) may not be desirable, even if it is able to
> deal directly with a TNC or other digital radio interface.

Actually, lack of Internet connectivity at the sender's location is quite normal.  A common example is sending race statistics from intermediate checkpoints located in the boonies.  Or sending CERT neighborhood survey information from neighborhood ICPs.  Or sending health & welfare traffic to the families of firefighters from a remote fire base.  These (and more) are all cases where, even with no Internet service provider outages, there is a need to send an email to an Internet recipient but no Internet service is available at the sender's location (or it is too expensive).

Regardless, having a need to do something is not a justification for doing it incorrectly/unsafely and potentially (even likely) causing problems for others.  

Michael
N6MEF

More information about the nos-bbs mailing list