1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/docs/masqmail-security.txt	Thu Oct 02 21:29:49 2008 +0200
     1.3 @@ -0,0 +1,20 @@
     1.4 +masqmail security
     1.5 +=================
     1.6 +
     1.7 +masqmail is not intended to listen on a port open to the internet. Its normal
     1.8 +operation is on workstations and listening only on localhost.
     1.9 +Generally masqmail should only listen on a port accessable by only trusted
    1.10 +users. Therefor a firewall should be set up to protect against attacks.
    1.11 +
    1.12 +Security is not a primary goal of masqmail, because its jobs is normally not in
    1.13 +dangerous areas. But secrurity should always be a secondary goal, especially for
    1.14 +everything that communicates with/via the internet. (And also for programs that
    1.15 +run suid-root, like all mail transfer agents.)
    1.16 +
    1.17 +masqmail should be hardened in future! A common and good way to do that is to
    1.18 +split it up in several programs, each doing one particular job with only the
    1.19 +needed rights. This approach is taken by qmail for example.
    1.20 +postfix took qmail as inspiration and is nearly as secure as it---in contrast to
    1.21 +sendmail which implements a monolitic architecture.
    1.22 +But monolitic architectures must not be bad in general. exim for example shows
    1.23 +that a monolitic MTA can be secure---if it one cared about it.