Mercurial > docs > diploma
comparison thesis/tex/4-MasqmailsFuture.tex @ 187:7f4d97584a6f
wrote about work to do
| author | meillo@marmaro.de |
|---|---|
| date | Mon, 29 Dec 2008 20:16:58 +0100 |
| parents | 1611abd5443b |
| children | afb72fb64962 |
comparison
equal
deleted
inserted
replaced
| 186:84d27c22517c | 187:7f4d97584a6f |
|---|---|
| 204 | 204 |
| 205 | 205 |
| 206 | 206 |
| 207 \section{Work to do} | 207 \section{Work to do} |
| 208 | 208 |
| 209 What exists, what is missing, what needs to be done? | 209 After \masqmail's features were presented in section \ref{sec:fixme} and the requirements for modern \mta{}s were identified in section \ref{sec:fixme}, here the differences between them are shown. |
| 210 | 210 |
| 211 auth, enc, archiving | 211 |
| 212 | 212 |
| 213 \masqmail\ is already able to encrypt outgoing connections, but encryption of incoming connections, using \NAME{STARTTLS} should be implemented. This only affects the \SMTP\ server module. | 213 \subsubsection*{Fulfilled requirements} |
| 214 | |
| 215 \masqmail's incoming and outgoing channels are the common ones: the \texttt{sendmail} command and \SMTP\ for incoming mail; local delivery, piping to commands, and \SMTP\ for outgoing mail. Support for other protocols is not available. To add it, modifications at many places in the source are needed. | |
| 216 | |
| 217 One single mail queue is used in \masqmail. The envelope and mail headers are generated when the mail is put into the queue. Aliasing is done on delivery, after the route to be used was determined. Headers may be rewritten then. These parts do all provide the functionality required. | |
| 218 | |
| 219 Static authentication, based on \NAME{IP} addresses, can be set up using the \path{hosts.allow} and \path{hosts.deny} files. Dynamic authentication is supported in form of \NAME{SMTP-AUTH} and \SMTP-after-\NAME{POP}, but only for outgoing connections. The same for encryption which is also only available for outgoing \SMTP\ connections; here a wrapper application like \name{openssl} needs to be used. Support for authentication and encryption of incoming connections is completely missing, but a basic requirement for all secure emailing. | |
| 220 | |
| 221 \masqmail\ does not provide special support for spam filter or content checking. But it is possible to invoke external filter applications by running two independent instances of \masqmail, connected by the filter application. The receiving \MTA\ instance accepts mail and pushes it into the filter. The filter application receives mail, processes it, possible modifies it, and pushes it over to a second \MTA\ instance. The second \MTA\ is responsible for further delivery of the mail. Appendix \ref{app:FIXME} shows configuration files to create such a setup. This is a concept that works in general. However, real spam \emph{prevention}---to not accept spam mail at all---or good filter interfaces are not available, but are nessesary for using \masqmail\ in an unsafe environment. | |
| 222 | |
| 223 There is currently no way of archiving every message going through \masqmail. | |
| 224 | |
| 225 | |
| 226 %fixme: write about non-functional requirements | |
| 227 | |
| 228 | |
| 229 | |
| 230 \subsubsection*{Missing parts} | |
| 231 | |
| 232 Support for other protocols than \SMTP\ seems not to be nessesary at the moment. Adding such support will need lots of work in all parts of \masqmail, hence delaying it until the support is needed appears to be the best solution. | |
| 233 | |
| 234 Authentication of incoming \SMTP\ connections is definately needed and should be added soon. The same applies to encryption of incomming connections. These two features are essential for restricting relaying and providing privacy. | |
| 235 | |
| 236 As authentication can be a guard against spam, filter facilities have lower priority. But basic spam filtering and interfaces for external tools should be implemented in future. Content checking, if really nessesary, should be left over to the \NAME{MDA}, to deal with it in local delivery. | |
| 237 | |
| 238 Archiving again is prefered to be implemented soon. It does not require much work, but enables all kinds of statistical analysis. Also it is a requirement for companies to archive their mail communication. | |
| 239 | |
| 240 %fixme: what about non-functional requirements? | |
| 214 | 241 |
| 215 | 242 |
| 216 | 243 |
| 217 | 244 |
| 218 \subsubsection*{Discussion on architecture} | 245 \subsubsection*{Discussion on architecture} |
| 246 | |
| 247 %fixme: why is there a need for a new arch?? | |
| 248 | |
| 219 | 249 |
| 220 A program's architecture is probably the most influencing design decision, and has the greatest impact on the program's future capabilities. %fixme: search quote ... check if good | 250 A program's architecture is probably the most influencing design decision, and has the greatest impact on the program's future capabilities. %fixme: search quote ... check if good |
| 221 | 251 |
| 222 \masqmail's current artitecture is monolitic like \sendmail's and \exim's. But more than the other two, is it one block of interweaved code. \sendmail\ provides now, with its \name{milter} interface, standardized connection channels to external modules. \exim\ has a highly structured code with many internal interfaces, like the one for supported authentication ``modules''. \masqmail\ has none of them; it is what \sendmail\ was in the beginning: a single large block. | 252 \masqmail's current artitecture is monolitic like \sendmail's and \exim's. But more than the other two, is it one block of interweaved code. \sendmail\ provides now, with its \name{milter} interface, standardized connection channels to external modules. \exim\ has a highly structured code with many internal interfaces, like the one for supported authentication ``modules''. \masqmail\ has none of them; it is what \sendmail\ was in the beginning: a single large block. |
| 223 | 253 |
| 256 \person{Hafiz} adds: ``The major idea is that security cannot be retrofitted into an architecture.''\cite[page 64]{hafiz05} | 286 \person{Hafiz} adds: ``The major idea is that security cannot be retrofitted into an architecture.''\cite[page 64]{hafiz05} |
| 257 | 287 |
| 258 All this leads to one logical step: The rewrite of \masqmail\ using a modern, modular architecture, to get a modern \MTA\ satisfying nowadays needs. | 288 All this leads to one logical step: The rewrite of \masqmail\ using a modern, modular architecture, to get a modern \MTA\ satisfying nowadays needs. |
| 259 | 289 |
| 260 | 290 |
| 261 | |
| 262 \subsubsection*{A design from scratch?} | |
| 263 | 291 |
| 264 << what would be needed (effort) >> | 292 << what would be needed (effort) >> |
| 265 | 293 |
| 266 The next section is a design | 294 The next section is a design |
| 267 | 295 |
| 718 | 746 |
| 719 | 747 |
| 720 | 748 |
| 721 | 749 |
| 722 | 750 |
| 723 \section{Directions to go} | 751 \section{Result} |
| 752 | |
| 753 Directions to go | |
| 724 | 754 |
| 725 Now how could \masqmail\ be like in, say, five years? | 755 Now how could \masqmail\ be like in, say, five years? |
| 726 | 756 |
| 727 This section discusses about what shapes \masqmail\ could have---which directions the development could go to. | 757 This section discusses about what shapes \masqmail\ could have---which directions the development could go to. |
| 728 | 758 |