docs/diploma

view docs/masqmail-security.txt @ 25:33149fbcac81

added mta-comparision and texts about masqmail
author meillo@marmaro.de
date Thu, 02 Oct 2008 21:29:49 +0200
masqmail security
=================

masqmail is not intended to listen on a port open to the internet. Its normal
operation is on workstations, listening only on localhost.
Generally, masqmail should listen only on a port accessible to trusted
users. Therefore a firewall should be set up to protect against attacks.

Security is not a primary goal of masqmail, because its job is normally not in
dangerous areas. But security should always be a secondary goal, especially for
everything that communicates with/via the internet. (And also for programs that
run suid-root, like all mail transfer agents.)

masqmail should be hardened in future! A common and good way to do that is to
split it up into several programs, each doing one particular job with only the
needed rights. This approach is taken by qmail, for example.
postfix took qmail as inspiration and is nearly as secure as it---in contrast to
sendmail, which implements a monolithic architecture.
But monolithic architectures need not be bad in general. exim, for example, shows
that a monolithic MTA can be secure---if one cares about it.
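
One way to check the first paragraph's requirement that masqmail listens only
on localhost (an added example, not part of masqmail or of the original text):
the script parses Linux /proc/net/tcp-style tables and reports SMTP listeners
bound to a non-loopback address. The sample tables are constructed, and port 25
and a little-endian host are assumptions.

```python
import ipaddress
import struct

SMTP_PORT = 25      # assumption: masqmail listens on the standard SMTP port
TCP_LISTEN = 0x0A   # socket state code for LISTEN in /proc/net/tcp

HEADER = "  sl  local_address rem_address   st\n"
# Constructed samples in /proc/net/tcp layout (trailing columns omitted).
LOCAL_ONLY = HEADER + (
    "   0: 0100007F:0019 00000000:0000 0A\n"   # 127.0.0.1:25 LISTEN
    "   1: 00000000:0016 00000000:0000 0A\n"   # 0.0.0.0:22 LISTEN (not SMTP)
    "   2: 0100007F:0019 0100007F:C350 01\n"   # established session, ignored
)
EXPOSED = HEADER + (
    "   0: 00000000:0019 00000000:0000 0A\n"   # 0.0.0.0:25 LISTEN
    "   1: 00000000000000000000000001000000:0019 "
    "00000000000000000000000000000000:0000 0A\n"  # [::1]:25 LISTEN
)

def decode_addr(hex_addr):
    """Decode the kernel's hex address (32-bit words in host byte order)."""
    raw = bytes.fromhex(hex_addr)
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)  # little-endian host
    return ipaddress.ip_address(struct.pack(">%dI" % len(words), *words))

def exposed_listeners(table, port=SMTP_PORT):
    """Return the non-loopback addresses that have a listener on `port`."""
    exposed = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header or malformed line
        hex_addr, hex_port = fields[1].split(":")
        if int(fields[3], 16) != TCP_LISTEN or int(hex_port, 16) != port:
            continue
        addr = decode_addr(hex_addr)
        # Treat ::ffff:127.0.0.1 like 127.0.0.1.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        if not addr.is_loopback:
            exposed.append(str(addr))
    return exposed

if __name__ == "__main__":
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        with open(path) as f:
            for addr in exposed_listeners(f.read()):
                print("port %d is reachable via %s (%s)" % (SMTP_PORT, addr, path))
```

An empty result means every listener on the port is bound to a loopback
address; the firewall mentioned above remains the second line of defence.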