docs/diploma
diff docs/masqmail-security.txt @ 25:33149fbcac81
added mta-comparision and texts about masqmail
| author | meillo@marmaro.de |
|---|---|
| date | Thu, 02 Oct 2008 21:29:49 +0200 |
| parents | |
| children | |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/docs/masqmail-security.txt Thu Oct 02 21:29:49 2008 +0200 1.3 @@ -0,0 +1,20 @@ 1.4 +masqmail security 1.5 +================= 1.6 + 1.7 +masqmail is not intended to listen on a port open to the internet. Its normal 1.8 +operation is on workstations and listening only on localhost. 1.9 +Generally masqmail should only listen on a port accessable by only trusted 1.10 +users. Therefor a firewall should be set up to protect against attacks. 1.11 + 1.12 +Security is not a primary goal of masqmail, because its jobs is normally not in 1.13 +dangerous areas. But secrurity should always be a secondary goal, especially for 1.14 +everything that communicates with/via the internet. (And also for programs that 1.15 +run suid-root, like all mail transfer agents.) 1.16 + 1.17 +masqmail should be hardened in future! A common and good way to do that is to 1.18 +split it up in several programs, each doing one particular job with only the 1.19 +needed rights. This approach is taken by qmail for example. 1.20 +postfix took qmail as inspiration and is nearly as secure as it---in contrast to 1.21 +sendmail which implements a monolitic architecture. 1.22 +But monolitic architectures must not be bad in general. exim for example shows 1.23 +that a monolitic MTA can be secure---if it one cared about it.
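Review bot: the parenthetical at 1.14-1.15 says programs "run suid-root, like all mail transfer agents", which sits badly with the next paragraph (1.17-1.19), where qmail is praised for splitting work into programs that each hold only the needed rights; suggest narrowing it to "like masqmail" or "like many mail transfer agents". The first paragraph (1.7-1.10) tells the reader to listen only on localhost and to set up a firewall but does not say how the listen address is restricted in masqmail's configuration, so a pointer to the relevant setting would make the advice actionable. At 1.22, "must not be bad in general" reads as a prohibition; "need not be bad" matches the exim example that follows, and 1.23 "if it one cared about it" should be "if one cares about it". Spelling to fix before merging: "accessable" and "Therefor" (1.9-1.10), "its jobs is" (1.12), "secrurity" (1.13), "monolitic" (1.21-1.23).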