> > > mutt in a no-netvm mua-vault?
> > > with fetchmail-vms feeding it through qubesrpc-procmail?
> > > and separate vms for qubesrpc-msmtp for sending?
> > > or msmtp-vms mixed with the fetchmail-vms based on credentials-overlap?


> > however, I am afraid that you have already successfully placed a virus in
> > my head. That setup sounds like a challenge. Any documentation you could
> > link?

no real docs i am afraid. some notes/snippets.
in these examples, the no-net mua-vm is called priv-mua, the
combined fetchmail+msmtp vm is called priv-mta.


mta fetchmailrc:
    mda "/usr/bin/qrexec-client-vm priv-mua baka.procmail"

mua baka.procmail: (giga-hacky fixup for mbox format/style)
    perl -e '<>;unless($c++||/^From /){$a=localtime;print "From rpc $a\n";}print;while(<>){print}' | procmail

mua procmailrc: (for forwarding recipes)
    | /home/user/bin/smail

mua muttrc:
    set sendmail="/home/user/bin/smail"

mua ~/bin/smail: (just a helper to isolate the qrexec from random cli args)
    exec /usr/bin/qrexec-client-vm priv-mta baka.msmtp

mta baka.msmtp: (this needs a better way to signal/determine dests)
    msmtp -d -t --read-envelope-from &> /tmp/_msmtp.debuglast


in case some part of the mailinglist chain decides to eat up special chars:
        https://pastebin.com/raw/DfvRujvG


> I'd be more interested in a defense against the DoS vulnerability in
> Qubes users (aka xkcd nerd sniping) that dhorf appears to have discovered :)

there is one fundamental thing to realize about qubes-rpc:
think of it as a pipe that has its left/right side in different VMs.

so everything that can be phrased as a commandline involving pipes,
or involves commands with quasi-pipe options (rsync -e, openssh
ProxyCommand, fetchmail mda, ...) can be turned into a qubes
split-something easily. 

actually anything that involves a single TCP socket too, but you need
to add something like socat or systemd-socket as a helper... 

or a service that has an inetd-mode (sshd -i) ... 


> dhorf

also, how did you get that name?
it is triple-rot13 encrypted for extra privacy!
wait, it even looks like you broke the first two rounds already...
*panics*


> > > but, yes. not really a solution for the masses.
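
The notes in this message cover the VM-side pieces; the dom0 policy that decides which VM may call which service is not shown. As an added example (not from the original post), this is a least-privilege policy for the two services in the Qubes R4.0 per-service file layout, reusing the VM and service names from the notes; the explicit deny-all fallback is an assumption about what the setup wants.

```text
# dom0: /etc/qubes-rpc/policy/baka.procmail
# only the net-facing mta may push fetched mail into the offline mua
priv-mta  priv-mua  allow
$anyvm    $anyvm    deny

# dom0: /etc/qubes-rpc/policy/baka.msmtp
# only the offline mua may hand outgoing mail to the mta
priv-mua  priv-mta  allow
$anyvm    $anyvm    deny

# the service scripts themselves (baka.procmail, baka.msmtp) live in
# /etc/qubes-rpc/ inside the *target* VM: priv-mua and priv-mta respectively
```

Later Qubes releases keep policy in `/etc/qubes/policy.d/` with one line per rule, e.g. `baka.procmail * priv-mta priv-mua allow`.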


