annotate docs/masqmail-security.txt @ 366:80b2e476c2e3
a lot of cleanup
author: meillo@marmaro.de
date: Fri, 30 Jan 2009 21:20:00 +0100
rev (every line): meillo@25

masqmail security
=================

masqmail is not intended to listen on a port open to the internet. Its normal
operation is on workstations and listening only on localhost.
Generally masqmail should only listen on a port accessible only to trusted
users. Therefore a firewall should be set up to protect against attacks.

Security is not a primary goal of masqmail, because its job is normally not in
dangerous areas. But security should always be a secondary goal, especially for
everything that communicates with/via the internet. (And also for programs that
run suid-root, like all mail transfer agents.)

masqmail should be hardened in future! A common and good way to do that is to
split it up into several programs, each doing one particular job with only the
needed rights. This approach is taken by qmail, for example.
postfix took qmail as inspiration and is nearly as secure as it---in contrast to
sendmail, which implements a monolithic architecture.
But monolithic architectures need not be bad in general. exim, for example, shows
that a monolithic MTA can be secure---if one cares about it.
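
The rule from the first paragraph (listen only on localhost) can be checked on a running Linux host. The following is an added example, not part of masqmail or of the original document: it parses socket tables in /proc/net/tcp layout and reports LISTEN sockets on the SMTP port that are not bound to a loopback address. Port 25, a little-endian host and the function names are assumptions; the sample table is constructed.

```python
import ipaddress
import struct

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000
   1: 00000000:0019 00000000:0000 0A 00000000:00000000
   2: 0100007F:0019 0100007F:C350 01 00000000:00000000
   3: 0A00A8C0:0016 00000000:0000 0A 00000000:00000000
"""

def decode_addr(hex_addr):
    """Turn the kernel's hex address (8 or 32 digits) into an ip_address."""
    raw = bytes.fromhex(hex_addr)
    # Each 32-bit word is printed in host byte order; little-endian is assumed.
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)
    return ipaddress.ip_address(struct.pack(">%dI" % len(words), *words))

def exposed_listeners(table, port=25):
    """Return addresses of LISTEN sockets on `port` not bound to loopback."""
    exposed = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header or malformed line
        hex_addr, hex_port = fields[1].split(":")
        if int(fields[3], 16) != TCP_LISTEN or int(hex_port, 16) != port:
            continue
        ip = decode_addr(hex_addr)
        # ::ffff:127.0.0.1 is loopback too; judge the embedded IPv4 address.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if not ip.is_loopback:
            exposed.append(str(ip))
    return exposed

if __name__ == "__main__":
    print("sample:", exposed_listeners(SAMPLE_TCP))
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as f:
                print(path, exposed_listeners(f.read()))
        except OSError:
            pass  # not Linux, or the file is not readable
```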