Differences

This shows you the differences between two versions of the page.

--- config_echomail_nodes [2019/03/16 17:21] – page 2 updates avon
+++ config_echomail_nodes [2019/03/16 17:55] – added ssl/tls for echomail nodes avon
@@ Line 244: / Line 244: @@
 Without this password set your Mystic BBS will ignore the files it receives and/or move them in to the BAD directory defined in the [FileToss] stanza of your MUTIL .ini file
+=== Encryption Key ===
+Echomail nodes now have an "Encryption Key" option.  When this option is set to a non-blank value, Mystic will encrypt all of the contents of Netmail messages to this node with an AES-256 encryption.  This completes a fully encrypted echomail solution as both transport and private messages are secured.
+This is done in a way that is completely transparent to unsupporting systems, meaning that you can still route netmail through systems and they will not harm the encrypted netmails!  The encryption also hides the message subject, so when combined with Area/Filefix passwords will no longer be readable. You must have Cryptlib installed for this to work.
+The other echomail node must of course have the same key configured for your node in order to decrypt the netmail when it arrives.  This works the same way as any other password setting in echomail nodes.
+When routing Netmail, Mystic will intelligently re-encrypt the message between routing points when possible.  In other words if you have a point system who sends from 555:1/2.1 to 555:1/1 but is routed through 555:1/2,   Mystic at 555:1/2 will know that it has an encryption agreement between both 555:1/2.1 and 555:1/1 so it will decrypt the message from 555:1/2.1 and then re-encrypt it for 555:1/1 before routing it.
 === Security Level ===
-Placeholder text - this feature under development 1.12 A38
+You can set ACS rules for this EchoMail node. Refer to discussion info in the Echomail Node Security section below.
 === Access Flags ===
-Placeholder text - this feature under development 1.12 A38
+You can set access flags for this EchoMail Node. Refer to discussion info in the Echomail Node Security section below.
+=== Echomail Node Security ====
+The beginnings of Echomail node security is here!  The easiest way to think about how this system works is to relate an Echomail node to the way security works for a user in your BBS.  Each node will have a security   level, access flags, and can be a member of many Echomail groups (up to 65000 echomail groups can be defined).
+Different functions throughout the echomail system will eventually have "Echo ACS" strings which work just like the [[access_control|user ACS strings that we're familiar with]].  For example, you might have "Hatch File EACS" in a file base where you could say that you wanted only echomail nodes within a particular group to be able to hatch files, or a particular security level or access flag(s), or even by static echomail node ID.  For example:
+     Hatch File EACS: g2|s255|fH|u10
+The above would say that any echomail node that is a member of Echomail group 2, OR any node that has a security level of 255 OR any Echomail node that has flag H can hatch files to that file base.  The Echomail node with the ID of #10 can also hatch.
+This is a very powerful system for managing an Echomail network, and EACS strings will be added to various functions in the future as seen fit.
 ==== Page 3 of 6 - Groups ====
-   Echo Group 01  │ None                                      1:General
+   Echo Group 01  │ fsxNet                                    1:General
    Echo Group 02  │ None                                      2:Security
    Echo Group 03  │ None                                      3:GROUPS
@@ Line 272: / Line 294: @@
-Placeholder text - this feature under development 1.12 A38
+Define which EchoMail groups this EchoMail node is a member of.
 ==== Page 4 of 6 - BinkP====
    BINKP Hostname │ agency.bbs.nz:24556                       1:General
    IP Type        │ IPV4                                      2:Security
-   Password       │ *******                                   3:Groups
+   Password       │ *****                                     3:Groups
    Time Out       │ 30                                        4:BINKP
    Block Size     │ 16384                                     5:FTP
    CRAM-MD5       │ Yes                                       6:Dir Toss
+   Use SSL/TLS    │ No
    Hide AKAs      │ Yes
-                  │
                   │
                   │
@@ Line 292: / Line 314: @@
                   │
                   │                                          Page 4 of 6
-A Binkp session has the following options you should set:
+A Binkp section has the following options you should look at and in most cases set up:
 === BINKP Hostname ===
@@ Line 301: / Line 324: @@
 === IP Type ===
-Do you wish to use IPV4 or IPV6 when using Fidopoll to connect to this system?
+Do you wish to use IPV4 or IPV6 when using Fidopoll to connect to this system? Or do you wish to set a preferred connection type and then a fallback type? e.g. IPV6 + IPV4 or IPV4 + IPV6
 === Password ===
@@ Line 307: / Line 330: @@
 Set the session password your Mystic BBS will send to this EchoMail Node when you poll it using Fidopoll or it connects to your Mystic BinkP server and attempts to send your system Echomail, Netmail and/or other files.
-This password is case sensitive. Be warned some non-Mystic systems have issues with this. Best advice keep everything UPPERCASE to avoid hassles.
+This password is case sensitive. Be warned some non-Mystic systems have issues with this. Best advice keep everything UPPERCASE and limited to no more than 8 characters to avoid hassles.
 === Timeout ===
@@ Line 320: / Line 343: @@
 Use MD5 hashing when connecting as a client? This hides session passwords so they are not sent in plain text. It's a good idea to use this.
+=== Use SSL/TLS ===
+Mystic BINKP server and FIDOPOLL now support opportunistic SSL (TLS v1.2+) using a proprietary extension of the BINKP protocol. This means that it will only work with other Mystic BBS clients and servers, but the author plans to document the extension and send it to the authors of other mailers in hopes that it can be standardized.
+EchoMail Nodes now have three settings which can be used when polling for new mail:
+      No     : FIDOPOLL will not use SSL extension at all
+      Yes    : FIDOPOLL WILL use SSL if the server supports it
+      Forced : FIDOPOLL will refuse to exchange mail with a server
+               unless it supports SSL
+This setting is experimental at present so your mileage may vary. If you're having issues connecting to other systems it's best to set this to 'No' for now.
 === Hide AKAs ===