Proxy SMTP server with instructions receiving from API - proxy

The task is to build SMTP proxy gateway which will send all letters to API for some checks and dependently of API answer will send letter to destination server or will return error message to client.
Please look at this picture
IMAP will be organized in same way, all letters will be sent to API for virus checking etc. and only letters with successfull API response will be received to mailbox.
Want to ask and advice which software will be better to use for this purpose. Dovecot/Postfix? But how to integrate it with AMQP API? Maybe better will be to organize it through nginx proxy? Or python Twisted framework?
Will be grateful for any help.

If you're looking for a COTS software solution, Forum Sentry API Security Gateway software version can act both as an SMTP proxy or an AMQP proxy.
http://www.forumsys.com/forum-sentry-secure-amqp-proxy/
[I work for Forum Systems]

Related

Gateway API - Apache APISIX with Secured Websockets

I am trying to add an API Gateway to a client-server system, which communicates through WebSockets.
The Server is an audio recognition engine that sits in a remote machine, and clients are connecting to it through WebSockets ('wss://...'), sending audio files and receiving their text translate representation.
My main goal is to add a free open-source API Gateway in the middle in order to authenticate\authorize\rate limit\etc (Tried Kong\Tyk\krakenD, but they are not free).
After searching the web, I focused on Apache APISIX gateway.
As a test, I managed to connect the APISIX to a client-server which communicates by http/https and it worked fine.
Moreover, I managed to connect the client with the server on regular websocket connection (ws://) and the data transactions were successful, but no matter what I do I cant connect to the secured connection. Are there any special configurations I should edit in the dashboard?
I'm wondering if anyone knows from experience if it's possible to use
the secured WebSockets with Apache APISIX and if yes, how exactly it should be done - because the docs are missing any informative info\examples, or if there are better solutions known to my problem.
The only WebSocket reference in APISIX dashboard -
What you should do is create an SSL object (you can find it in the sidebar on the left side). See https://apisix.apache.org/docs/apisix/admin-api/#ssl to learn the APISIX SSL object.
You can see an example at https://apisix.apache.org/docs/apisix/certificate
The SSL object provides the required TLS Certificate and Private Key so that this key pair can be used in a TLS handshake according to the TLS SNI sent from clients. After that, your client established a secured connection with APISIX, and now you can send the WebSocket traffic securely.

Is the Hubot web socket connection to Slack secure?

I am setting up hubot with a slack adapter for an enterprise and would like to know if the socket connection between Hubot and Slack is secure.
If not, how can it be secured?
Its hard to say in general whether a product would be regards as "secure" for your enterprise. It all depends on the security requirements specific to your business. e.g. a defense contractor might have much higher security requirements than a retailer.
To answer your question I would therefore suggest to research the security specifics of this product and then compare them with the security requirements of your enterprise.
Here is an overview about the security architecture to get you started:
Hubot uses Slack's RTM API which uses WebSockets as main
communication protocol
To start a connection you need to call either the rtm.start or
rtm.connect endpoint, which is secured by HTTPS. Both endpoints require you to
provide authentication via a Oauth 2.0 token.
Those endpoint return a custom URL for your WebSocket session
All WebSocket communication uses the secure WSS protocol, which applies TLS to secure the connection
I have raised a ticket with Slack support team and they confirmed that connection is WSS and uses TLS 1.2 which makes it secure for enterprise. Thanks!

How to proxy gRPC calls

I'm trying to analyse what information an app is sending so I setup Charles but to my surprise nothing was logged out.
After decompiling the app I see that it doesn't use simple REST calls but rather a library called gRPC.
Is there a good tool out there that will allow me too see what is send out from the app?
The Mediator is a Cross-platform GUI gRPC debugging proxy like Charles but design for gRPC.
You can dump all gRPC requests without any configuration.
Mediator can render the binary message into a JSON tree, when you have the API schema.
It support decode gRPC/TLS, but you should download and install the Mediator Root Certificate to your device.
gRPC uses HTTP/2 as a transport protocol. Any proxy which supports HTTP/2 for both the front-end and back-end connections should be able to be used to inspect the packets a gRPC connection. Note, some proxies only support HTTP/2 for the front-end or back-end connections and those are incompatible with gRPC.
Envoy Proxy (https://www.envoyproxy.io/) supports proxying gRPC connections and can be configured to log out request information.
Some other example proxies include:
Nginx https://medium.com/nirman-tech-blog/nginx-as-reverse-proxy-with-grpc-820d35642bff
https://github.com/mwitkow/grpc-proxy
https://github.com/mercari/grpc-http-proxy
If you are asking for android there is a app called HttpCanry. It can log request/ respond.

Mule connection to Exchange Server

I need to connect to Exchange Server in Mule but Mule provided OOB IMAP and POP3 are not enabled on our exchange server hence we cannot use them.
Can anyone shed some light here on other alternative ways to connect to exchange server and read the emails.
Mule mail transport implements standard transports, these being IMAP, POP3 and SMTP.
If you need anything beside these to access your mail server you should consider writing a custom connector using devkit.
An example of such an approach is the gmail connector that leverages google API to retrieve emails rather than the standard mail transport.
Most of the connections from the Internet are handled by IIS on the Exchange Server. The options can be:
RPC Over Https. Well known as “Outlook Anywhere”.
EWS. Mostly used by MAC Outlook.
Activesync – Mobility
ECP – management console, configuration via OWA
Thanks,
hope answer the question

Want to build the SMS equivalent of a web server

I want an SMS service that maps incoming SMS-es to an http request to my server and maps my HTTP response to an SMS reply. Can someone recommend an SMS gateway that provides reasonable service to North America?
Thre are lots of providers out there that can provide this (see google here or here). There are also some guides on the web such as "How to Choose an SMS Gateway Provider".
A couple of examples that look pretty professional (however i have not used them):
Clickatell
CellTrust

Resources