Mercurial > docs > diploma
comparison thesis/tex/5-Improvements.tex @ 287:6cf649e62d42
minor renames and commenting
| author | meillo@marmaro.de |
|---|---|
| date | Fri, 16 Jan 2009 10:35:48 +0100 |
| parents | 391793afb4cb |
| children | 8341092a7554 |
comparison
equal
deleted
inserted
replaced
| 286:980eb42256ff | 287:6cf649e62d42 |
|---|---|
| 7 long time goal, a new architecture: second part. | 7 long time goal, a new architecture: second part. |
| 8 | 8 |
| 9 | 9 |
| 10 | 10 |
| 11 | 11 |
| 12 \section{On base of current code} | 12 \section{Based on current code} |
| 13 | 13 |
| 14 The first three \TODO{}s are implementable by improving the current code or by adding wrappers or interposition filters. The following sections describe solution approaches to do that work. | 14 The first three \TODO{}s are implementable by improving the current code or by adding wrappers or interposition filters. The following sections describe solution approaches to do that work. |
| 15 | 15 |
| 16 | 16 |
| 17 | 17 |
| 63 | 63 |
| 64 If static access restriction is not possible, for example if mail from locations with changing \NAME{IP} addresses wants to be accepted, some kind of authentication mechanism is required. Three common kinds exist: | 64 If static access restriction is not possible, for example if mail from locations with changing \NAME{IP} addresses wants to be accepted, some kind of authentication mechanism is required. Three common kinds exist: |
| 65 | 65 |
| 66 \begin{enumerate} | 66 \begin{enumerate} |
| 67 \item \SMTP-after-\NAME{POP}: uses authenication on the \NAME{POP} protocol to permit incoming \SMTP\ connections for a limited time afterwards. | 67 \item \SMTP-after-\NAME{POP}: uses authenication on the \NAME{POP} protocol to permit incoming \SMTP\ connections for a limited time afterwards. |
| 68 \item \SMTP authentication: is an extension to \SMTP. Authentication can be requested before mail is accepted. | 68 \item \SMTP\ authentication: is an extension to \SMTP. Authentication can be requested before mail is accepted. |
| 69 \item Certificates: confirm the identity of someone. | 69 \item Certificates: confirm the identity of someone. |
| 70 \end{enumerate} | 70 \end{enumerate} |
| 71 | 71 |
| 72 The first mechanism requires a \NAME{POP} (or \NAME{IMAP}) server running on the same host (or a trusted one), to enable the \SMTP\ server to use the login dates on the \NAME{POP} server. This is a common practice used by mail service providers, but is not adequate for the environments \masqmail\ is designed for. | 72 The first mechanism requires a \NAME{POP} (or \NAME{IMAP}) server running on the same host (or a trusted one), to enable the \SMTP\ server to use the login dates on the \NAME{POP} server. This is a common practice used by mail service providers, but is not adequate for the environments \masqmail\ is designed for. |
| 73 | 73 |
| 210 \item a different local user (e.g.\ ``\texttt{bob: alice}'') | 210 \item a different local user (e.g.\ ``\texttt{bob: alice}'') |
| 211 \item a remote user (e.g.\ ``\texttt{bob: john@example.com}'') | 211 \item a remote user (e.g.\ ``\texttt{bob: john@example.com}'') |
| 212 \item a list of users (e.g.\ ``\texttt{bob: alice, john@example.com}'') | 212 \item a list of users (e.g.\ ``\texttt{bob: alice, john@example.com}'') |
| 213 \item a command (e.g.\ ``\texttt{bob: |foo}'') | 213 \item a command (e.g.\ ``\texttt{bob: |foo}'') |
| 214 \end{enumerate} | 214 \end{enumerate} |
| 215 Addresses expanding to lists of users lead to more envelopes. Aliases changing the reciptients domain part may require a different route to use. | 215 Addresses expanding to lists of users lead to more envelopes. Aliases changing the reciptients domain part may make the message unsuitable for a specific online route. |
| 216 | 216 |
| 217 Aliasing is often handled in expanding the alias and reinjecting the mail into the system. Unfortunately, the mail is processed twice then; additionally does the system have to handle more mail this way. If it is wanted to check the new recipient address for acceptance and do all processing again, then reinjecting it is the best choice. | 217 Aliasing is often handled in expanding the alias and reinjecting the mail into the system. Unfortunately, the mail is processed twice then; additionally does the system have to handle more mail this way. If it is wanted to check the new recipient address for acceptance and do all processing again, then reinjecting it is the best choice. |
| 218 | 218 |
| 219 | 219 |
| 220 | 220 |
| 221 \subsubsection*{Choose route to use} | 221 \subsubsection*{Route management} |
| 222 | 222 |
| 223 %fixme: rework!! | |
| 223 One key feature of \masqmail\ is its ability to send mail out in different ways. The decision is based on the current online state and whether a route may be used for a message or not. The online state can be retrieved in tree ways, explained in \ref{sec:fixme}. A route to send is found by checking every available route for being able to transfer the current message, until one matches. | 224 One key feature of \masqmail\ is its ability to send mail out in different ways. The decision is based on the current online state and whether a route may be used for a message or not. The online state can be retrieved in tree ways, explained in \ref{sec:fixme}. A route to send is found by checking every available route for being able to transfer the current message, until one matches. |
| 224 | 225 |
| 225 This functionality should be implemented in the module that is responsible to invoke one of the outgoing channel modules (for example the one for \SMTP\ or the pipe module). | 226 This functionality should be implemented in the module that is responsible to invoke one of the outgoing channel modules (for example the one for \SMTP\ or the pipe module). |
| 226 | 227 |
| 227 \masqmail\ can rewrite the envelope's from address and the \texttt{From:} header, dependent on the outgoing route to use. This rewrite must be done \emph{after} it is clear which route a mail will take, of course, so this may be not the module where other header editing is done. | 228 \masqmail\ can rewrite the envelope's from address and the \texttt{From:} header, dependent on the outgoing route to use. This rewrite must be done \emph{after} it is clear which route a mail will take, of course, so this may be not the module where other header editing is done. |
| 263 | 264 |
| 264 | 265 |
| 265 \subsubsection*{Spam prevention} | 266 \subsubsection*{Spam prevention} |
| 266 | 267 |
| 267 --- | 268 --- |
| 268 Spam is a major threat nowadays and the goal is to reduce it to a bearable level (see section \ref{sec:swot-analysis}). Spam fighting is a war are where the good guys tend to lose. Putting too much effort there will result in few gain. Real success will only be possible with new---better---protocols and abandonning the weak legacy technologies. Hence \masqmail\ should be able to provide state-of-the-art spam protection, but not more. | 269 |
| 270 Spam is a major threat nowadays and the goal is to reduce it to a bearable level (see section \ref{sec:swot-analysis}). Spam fighting is a war in which the good guys tend to lose. Putting too much effort there will result in few gain. Real success will only be possible with new---better---protocols and abandonning the weak legacy technologies. Hence \masqmail\ should be able to provide state-of-the-art spam protection, but not more. | |
| 271 | |
| 269 --- | 272 --- |
| 270 | 273 |
| 271 Spam is a major threat to email, as described in section \ref{sec:swot-analysis}. The two main problems are forgable sender addresses and that it is cheap to send hundreds of thousands of messages. Hence, spam senders can operate in disguise and have minimal cost. | 274 Spam is a major threat to email, as described in section \ref{sec:swot-analysis}. The two main problems are forgable sender addresses and that it is cheap to send hundreds of thousands of messages. Hence, spam senders can operate in disguise and have minimal cost. |
| 272 | 275 |
| 273 As spam is not just a nuisance for end users, but also for the infrastructure---the \mta{}s---by increasing the amount of mail messages, \MTA{}s need to protect themself. Two approaches are used. | 276 As spam is not just a nuisance for end users but also for the infrastructure---the \mta{}s---by increasing the amount of mail messages. Thus \MTA{}s need to protect themself. Two different approaches are used: |
| 274 | 277 |
| 275 First refusing spam during the \SMTP\ dialog. This is the way it was meant by the designers of the \SMTP\ protocol. They thought checking the sender and reciptient mail addresses would be enough, but as they are forgable it is not. More and more complex checks need to be done. Checking needs time, but \SMTP\ dialogs time out if it takes too long. Thus only limited time can be used, during the \SMTP\ dialog, for checking if a message seems to be spam. The advantage is that acceptance of bad messages can be simply refused---no responsibility for the message is takes and no further system load is added. See \RFC2505 (especially section 1.5) for detail. | 278 \begin{enumerate} |
| 276 | 279 \item Refusing spam during the \SMTP\ dialog. This is the way it was meant by the designers of the \SMTP\ protocol. They thought checking the sender and reciptient mail addresses would be enough, but as they are forgable it is not. More and more complex checks need to be done. Checking needs time, but \SMTP\ dialogs time out if it takes too long. Thus only limited time can be used, during the \SMTP\ dialog, for checking if a message seems to be spam. The advantage is that acceptance of bad messages can be simply refused---no responsibility for the message is taken and no further system load is added. See \RFC2505 (especially section 1.5) for detail. |
| 277 Second checking for spam after the mail was accepted and queued. Here more processing time can be invested, so more detailed checks can be done. But, as responsibility for messages was taken by accepting them, it is no choice to simply delete spam mail. Checks for spam do not lead to sure results, they just indicate the possibility the message is unwanted mail. \person{Eisentraut} indicates actions to take after a message is recognized as probably spam \cite[pages 18--20]{eisentraut05}. The only acceptable one, for mail the \MTA\ is responsible for, is adding further or rewriting existent header lines. Thus all further work on the message is the same as for non-spam messages. | 280 |
| 281 \item | |
| 282 Checking for spam after the mail was accepted and queued. Here more processing time can be invested, so more detailed checks can be done. But, as responsibility for messages was taken by accepting them, it is no choice to simply delete spam mail. Checks for spam do not lead to sure results, they just indicate the possibility the message is unwanted mail. \person{Eisentraut} indicates actions to take after a message is recognized as probably spam \cite[pages 18--20]{eisentraut05}. The only acceptable one, for mail the \MTA\ is responsible for, is adding further or rewriting existent header lines. Thus all further work on the message is the same as for non-spam messages. | |
| 283 \end{enumerate} | |
| 278 | 284 |
| 279 Modern \MTA{}s use both techniques in combination. Checks during the \SMTP\ dialog tend to be implemented in the \mta\ to make it fast; checks after the message was queued are often done using external programs (\name{spamassassin} is a well known one). \person{Eisentraut} sees the checks during the \SMTP\ dialog to be essentiell: ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.''\cite[page 25]{eisentraut05} (translated: ``No \MTA\ can go without analysis during the \SMTP\ dialog, anyway, and it is a question of estimation how much to stress this period.'') | 285 Modern \MTA{}s use both techniques in combination. Checks during the \SMTP\ dialog tend to be implemented in the \mta\ to make it fast; checks after the message was queued are often done using external programs (\name{spamassassin} is a well known one). \person{Eisentraut} sees the checks during the \SMTP\ dialog to be essentiell: ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.''\cite[page 25]{eisentraut05} (translated: ``No \MTA\ can go without analysis during the \SMTP\ dialog, anyway, and it is a question of estimation how much to stress this period.'') |
| 280 | 286 |
| 281 \NAME{DNS} blacklists (short: \NAME{DNSBL}) and \name{greylisting} are checks to be done before accepting the message. Invoking \name{spamassassin}, to add headers containing the estimated spam probability, is best to be invoked after the message is queued. | 287 \NAME{DNS} blacklists (short: \NAME{DNSBL}) and \name{greylisting} are checks to be done before accepting the message. Invoking \name{spamassassin}, to add headers containing the estimated spam probability, is best to be invoked after the message is queued. |
| 282 | 288 |
| 373 | 379 |
| 374 The \name{scanning} module is the central part of the system. It takes spooled messages from the \name{incoming} queue, works on them, and writes them to the \name{outgoing} queue afterwards (the message is then removed from the \name{incoming} queue, of course). The main job is the processing done on the message. Headers are fixed and missing ones are added if necessary, aliasing is done, and external processing of any kind is triggered. The \name{scanning} module can run in background and look for new mail in regular intvals or signals may be sent to it by \name{queue-in}. Alternatively it can be called by \name{cron}, for example, to do single runs. | 380 The \name{scanning} module is the central part of the system. It takes spooled messages from the \name{incoming} queue, works on them, and writes them to the \name{outgoing} queue afterwards (the message is then removed from the \name{incoming} queue, of course). The main job is the processing done on the message. Headers are fixed and missing ones are added if necessary, aliasing is done, and external processing of any kind is triggered. The \name{scanning} module can run in background and look for new mail in regular intvals or signals may be sent to it by \name{queue-in}. Alternatively it can be called by \name{cron}, for example, to do single runs. |
| 375 | 381 |
| 376 | 382 |
| 377 The \name{queue-out} module takes messages from the \name{outgoing} queue, queries information about the online connection, and then selects matching routes, creates envelopes for each recipient and passes the messages to the correct transport module. Successfully transfered messages are removed from the \name{outgoing} queue. This module includes some tasks specific to \masqmail. | 383 The \name{queue-out} module takes messages from the \name{outgoing} queue, queries information about the online connection, and then selects matching routes, creates envelopes for each recipient and passes the messages to the correct transport module. Successfully transfered messages are removed from the \name{outgoing} queue. This module includes some tasks specific to \masqmail. |
| 384 %fixme: rework route selection | |
| 378 | 385 |
| 379 | 386 |
| 380 The \name{incoming} queue stores messages received via one of the incoming channels. The messages are in unprocessed form; only envelope data is prepended. | 387 The \name{incoming} queue stores messages received via one of the incoming channels. The messages are in unprocessed form; only envelope data is prepended. |
| 381 | 388 |
| 382 | 389 |