--- a/thesis/tex/5-Improvements.tex	Thu Jan 15 15:27:41 2009 +0100
+++ b/thesis/tex/5-Improvements.tex	Thu Jan 15 15:44:31 2009 +0100
@@ -62,11 +62,13 @@
 Several ways to restrict access are available. The most simple one is restrictiction by the \NAME{IP} address. No extra complexity is added this way, but static \NAME{IP} addresses are mandatory. This kind of restriction may be enabled using the operating system's \path{hosts.allow} and \path{hosts.deny} files. To allow only connections to port 25 from localhost or the local network \texttt{192.168.100.0/24} insert the line ``\texttt{25: ALL}'' into \path{hosts.deny} and ``\texttt{25: 127.0.0.1, 192.168.100.}'' into \path{hosts.allow}.
 
 If static access restriction is not possible, for example if mail from locations with changing \NAME{IP} addresses wants to be accepted, some kind of authentication mechanism is required. Three common kinds exist:
+
 \begin{enumerate}
 	\item \SMTP-after-\NAME{POP}: uses authenication on the \NAME{POP} protocol to permit incoming \SMTP\ connections for a limited time afterwards.
 	\item \SMTP authentication: is an extension to \SMTP. Authentication can be requested before mail is accepted.
 	\item Certificates: confirm the identity of someone.
 \end{enumerate}
+
 The first mechanism requires a \NAME{POP} (or \NAME{IMAP}) server running on the same host (or a trusted one), to enable the \SMTP\ server to use the login dates on the \NAME{POP} server. This is a common practice used by mail service providers, but is not adequate for the environments \masqmail\ is designed for.
 
 Certificate based authentication, like provided by \NAME{TLS}, suffers from the overhead of certificate management. But \NAME{TLS} provides encryption too, so is useful anyway.
@@ -78,6 +80,8 @@
 \hfill\cite[page 44]{dent04}
 \end{quote}
 
+
+Compare static with dynamic authentication: pros and cons; usecases: when to use what; how could this be covered by architecture (e.g. smtp submission).
 %either by
 %- network/ip address
 %	easiest: restricting by static IP addresses (Access control via hosts.allow/hosts.deny)
@@ -96,9 +100,20 @@
 
 split masqmail into two instances
 
+\begin{verbatim}
+     +--------+ ext ||||| int +--------+
+---> |stripped|---> inter --->|normal  |
+     |masqmail|     pos       |masqmail|
+     +--------+     |||||     +--------+
+\end{verbatim}
 
 
 
+\subsection{Spam and malware handling}
+
+discuss the MTA->scanner->MTA approach
+
+
 
 \subsection{Bug fixes}
 
@@ -173,6 +188,9 @@
 \sendmail, \exim, \qmail, and \masqmail\ all use at least two files to store one message in the queue: one file contains the message body, another the envelope and header information. The one containing the mail body is not modified at all. \postfix\ takes a different approach in storing queued messages in an internal format within one file. \person{Finch} takes yet another different approach in suggesting to store the whole queue in one single file with pointers to separating positions \cite{finchFIXME}.
 %fixme: check, cite, and think about
 
+%fixme: discuss: filesystem vs. database
+
+%fixme: what about the ``rule of repair''?
 
 
 \subsubsection*{Sanitize mail}