annotate docs/masqmail-security.txt @ 409:ca763bd8c809
Added tag final version which I handed in for changeset ee7211546c02
| author |
meillo@marmaro.de |
| date |
Wed, 11 Feb 2009 08:55:32 +0100 |
| parents |
|
| children |
|
| rev |
line source |
|
meillo@25
|
1 masqmail security
|
|
meillo@25
|
2 =================
|
|
meillo@25
|
3
|
|
meillo@25
|
4 masqmail is not intended to listen on a port open to the internet. Its normal
|
|
meillo@25
|
5 operation is on workstations and listening only on localhost.
|
|
meillo@25
|
6 Generally masqmail should only listen on a port accessable by only trusted
|
|
meillo@25
|
7 users. Therefor a firewall should be set up to protect against attacks.
|
|
meillo@25
|
8
|
|
meillo@25
|
9 Security is not a primary goal of masqmail, because its jobs is normally not in
|
|
meillo@25
|
10 dangerous areas. But secrurity should always be a secondary goal, especially for
|
|
meillo@25
|
11 everything that communicates with/via the internet. (And also for programs that
|
|
meillo@25
|
12 run suid-root, like all mail transfer agents.)
|
|
meillo@25
|
13
|
|
meillo@25
|
14 masqmail should be hardened in future! A common and good way to do that is to
|
|
meillo@25
|
15 split it up in several programs, each doing one particular job with only the
|
|
meillo@25
|
16 needed rights. This approach is taken by qmail for example.
|
|
meillo@25
|
17 postfix took qmail as inspiration and is nearly as secure as it---in contrast to
|
|
meillo@25
|
18 sendmail which implements a monolitic architecture.
|
|
meillo@25
|
19 But monolitic architectures must not be bad in general. exim for example shows
|
|
meillo@25
|
20 that a monolitic MTA can be secure---if it one cared about it.
|
