Mercurial > docs > diploma
comparison thesis/tex/5-Improvements.tex @ 298:0d88bf21e152
minor changes
| author | meillo@marmaro.de |
|---|---|
| date | Sun, 18 Jan 2009 18:33:30 +0100 |
| parents | 8341092a7554 |
| children | 1b2f12da528a |
comparison
equal
deleted
inserted
replaced
| 297:39fffd8d1100 | 298:0d88bf21e152 |
|---|---|
| 13 | 13 |
| 14 The first three \TODO{}s are implementable by improving the current code or by adding wrappers or interposition filters. The following sections describe solution approaches to do that work. | 14 The first three \TODO{}s are implementable by improving the current code or by adding wrappers or interposition filters. The following sections describe solution approaches to do that work. |
| 15 | 15 |
| 16 | 16 |
| 17 | 17 |
| 18 \subsection{Encryption} | 18 \subsubsection*{Encryption} |
| 19 | 19 |
| 20 Electronic mail is very weak to sniffing attacks, because all data transfer is unencrypted. This concerns the message's content, as well as the email addresses in header and envelope, but also authentication dialogs that may transfer plain text passwords (\NAME{PLAIN} and \NAME{LOGIN} are examples). Adding encryption is therefor wanted. | 20 Electronic mail is very weak to sniffing attacks, because all data transfer is unencrypted. This concerns the message's content, as well as the email addresses in header and envelope, but also authentication dialogs that may transfer plain text passwords (\NAME{PLAIN} and \NAME{LOGIN} are examples). Adding encryption is therefor wanted. |
| 21 | 21 |
| 22 The common way to encrypt \SMTP\ dialogs is using \name{Transport Layer Security} (short: \TLS, successor of \NAME{SSL}). \TLS\ encrypts the datagrams of the \name{transport layer}. This means it works below the application protocols and can be used by any of them\citeweb{wikipedia:tls}. | 22 The common way to encrypt \SMTP\ dialogs is using \name{Transport Layer Security} (short: \TLS, successor of \NAME{SSL}). \TLS\ encrypts the datagrams of the \name{transport layer}. This means it works below the application protocols and can be used by any of them\citeweb{wikipedia:tls}. |
| 23 | 23 |
| 55 %\end{verbatim} | 55 %\end{verbatim} |
| 56 | 56 |
| 57 | 57 |
| 58 | 58 |
| 59 | 59 |
| 60 \subsection{Authentication} | 60 \subsubsection*{Authentication} |
| 61 | 61 |
| 62 Several ways to restrict access are available. The most simple one is restrictiction by the \NAME{IP} address. No extra complexity is added this way, but static \NAME{IP} addresses are mandatory. This kind of restriction may be enabled using the operating system's \path{hosts.allow} and \path{hosts.deny} files. To allow only connections to port 25 from localhost or the local network \texttt{192.168.100.0/24} insert the line ``\texttt{25: ALL}'' into \path{hosts.deny} and ``\texttt{25: 127.0.0.1, 192.168.100.}'' into \path{hosts.allow}. | 62 Several ways to restrict access are available. The most simple one is restrictiction by the \NAME{IP} address. No extra complexity is added this way, but static \NAME{IP} addresses are mandatory. This kind of restriction may be enabled using the operating system's \path{hosts.allow} and \path{hosts.deny} files. To allow only connections to port 25 from localhost or the local network \texttt{192.168.100.0/24} insert the line ``\texttt{25: ALL}'' into \path{hosts.deny} and ``\texttt{25: 127.0.0.1, 192.168.100.}'' into \path{hosts.allow}. |
| 63 | 63 |
| 64 If static access restriction is not possible, for example if mail from locations with changing \NAME{IP} addresses wants to be accepted, some kind of authentication mechanism is required. Three common kinds exist: | 64 If static access restriction is not possible, for example if mail from locations with changing \NAME{IP} addresses wants to be accepted, some kind of authentication mechanism is required. Three common kinds exist: |
| 65 | 65 |
| 92 % - POP/IMAP: pop-before-smtp, DRAC, WHOSON | 92 % - POP/IMAP: pop-before-smtp, DRAC, WHOSON |
| 93 % - TLS (certificates) | 93 % - TLS (certificates) |
| 94 | 94 |
| 95 | 95 |
| 96 | 96 |
| 97 \subsection{Security} | 97 \subsubsection*{Security} |
| 98 | 98 |
| 99 by using wrappers and interposition filters | 99 by using wrappers and interposition filters |
| 100 | 100 |
| 101 split masqmail into two instances | 101 split masqmail into two instances |
| 102 | 102 |
| 106 |masqmail| pos |masqmail| | 106 |masqmail| pos |masqmail| |
| 107 +--------+ ||||| +--------+ | 107 +--------+ ||||| +--------+ |
| 108 \end{verbatim} | 108 \end{verbatim} |
| 109 | 109 |
| 110 | 110 |
| 111 \subsection{Reliability} | 111 \subsubsection*{Reliability} |
| 112 | 112 |
| 113 discuss persistence through using databases | 113 discuss persistence through using databases |
| 114 | 114 |
| 115 | 115 |
| 116 | 116 |
| 117 \subsection{Spam and malware handling} | 117 \subsubsection*{Spam and malware handling} |
| 118 | 118 |
| 119 discuss the MTA->scanner->MTA approach | 119 discuss the MTA->scanner->MTA approach |
| 120 | 120 |
| 121 | 121 |
| 122 | 122 |
| 123 \subsection{Bug fixes} | 123 \subsubsection*{Bug fixes} |
| 124 | 124 |
| 125 already fixed bugs | 125 already fixed bugs |
| 126 | 126 |
| 127 | 127 |
| 128 | 128 |
| 192 | 192 |
| 193 \sendmail, \exim, \qmail, and \masqmail\ all use at least two files to store one message in the queue: one file contains the message body, another the envelope and header information. The one containing the mail body is not modified at all. \postfix\ takes a different approach in storing queued messages in an internal format within one file. \person{Finch} takes yet another different approach in suggesting to store the whole queue in one single file with pointers to separating positions \cite{finchFIXME}. | 193 \sendmail, \exim, \qmail, and \masqmail\ all use at least two files to store one message in the queue: one file contains the message body, another the envelope and header information. The one containing the mail body is not modified at all. \postfix\ takes a different approach in storing queued messages in an internal format within one file. \person{Finch} takes yet another different approach in suggesting to store the whole queue in one single file with pointers to separating positions \cite{finchFIXME}. |
| 194 %fixme: check, cite, and think about | 194 %fixme: check, cite, and think about |
| 195 | 195 |
| 196 %fixme: discuss: filesystem vs. database | 196 %fixme: discuss: filesystem vs. database |
| 197 << \masqmail\ uses the filesytem to store the queue, storing the queue in a databases might improve the reliability through better persistence. >> %fixme | |
| 198 | |
| 197 | 199 |
| 198 %fixme: what about the ``rule of repair''? | 200 %fixme: what about the ``rule of repair''? |
| 199 | 201 |
| 200 | 202 |
| 201 \subsubsection*{Sanitize mail} | 203 \subsubsection*{Sanitize mail} |