07-29-2016 11:51 PM
I have a question how can I restrict someone sending emails to external(personal)and internal email ids from Linux server using sas program or email program.
I would appreciate anyone's suggestions and ideas on this
Thank you in Advance
07-30-2016 11:14 AM
You want to prevent a user from programmatically sending e-mails using FILENAME EMAIL or another SMTP utility?
I don't think that there is a way to restrict this in SAS (the LOCKDOWN option doesn't seem to include FILENAME EMAIL, though you could try it). Ideally, you would restrict the SMTP server itself -- even if you prevent the SAS language from using it, seems like you're after a wider approach that would also restrict the many "built-in" tools that offer SMTP access.
08-01-2016 04:20 AM
When SAS is in a locked-down state, the FILENAME statement, EMAIL access method is not available. Your server administrator can re-enable this access method so that it is accessible in the locked-down state. For more information, see SAS Processing Restrictions for Servers in a Locked-Down State in SAS Language Reference: Concepts.
Of course, as you suggested, there may still be other ways to email SAS output - attachments via PC email clients, photos via smartphones etc. It sounds like it would be a good idea for @sasprofile to talk to their in-house security team about their support and policies for outbound email monitoring and data leakage prevention in general.
07-30-2016 05:26 PM
08-01-2016 02:21 AM
08-01-2016 04:07 AM
I think there might be a confusion here between session encryption (such as TLS/STARTTLS) and message encryption (such as S/MIME).
The code you posted uses SAS to send an email by connecting to an SMTP server, initially unencrypted on port 587, and then upgrading the connection to encrypted using STARTTLS. The transfer of the message between SAS (as a client) and the SMTP server is then over an encrypted connection. Someone on the same network that could capture the traffic would have a hard time decrypting it. However the email message itself is not encrypted. The server that received the message may not be the ultimate destination for the receipient. It may relay the message onto another server (or series of servers) before it gets to the recipient. Any of those intermediate servers can inspect the message contents. Additionally you cannot be sure that any of those intermediate servers will use TLS when passing the message on (after the initial exchange between SAS and the first server). Where this is an issue, email message encryption (such as S/MIME) can be considered. In that situation the message itself is encrypted for the recipient(s) such that only the receipient(s) should be able to decrypt it. The message may or may not pass over encrypted connections between the intermediate servers and the intermediate servers will not be able to decrypt the message contents.
My understanding is that SAS supports session encryption (TLS/STARTTLS) but not message encryption such as S/MIME.
You mentioned the code didn't work for you but you didn't post the error you got. You may want to talk to your local email admin as they will be able to advise which ports the server will accept messages on and the protocols that it supports.