docs/diploma
view docs/masqmail-security.txt @ 409:ca763bd8c809
Added tag final version which I handed in for changeset ee7211546c02
| author | meillo@marmaro.de |
|---|---|
| date | Wed, 11 Feb 2009 08:55:32 +0100 |
| parents | |
| children |
line source
1 masqmail security
2 =================
4 masqmail is not intended to listen on a port open to the internet. Its normal
5 operation is on workstations and listening only on localhost.
6 Generally masqmail should only listen on a port accessable by only trusted
7 users. Therefor a firewall should be set up to protect against attacks.
9 Security is not a primary goal of masqmail, because its jobs is normally not in
10 dangerous areas. But secrurity should always be a secondary goal, especially for
11 everything that communicates with/via the internet. (And also for programs that
12 run suid-root, like all mail transfer agents.)
14 masqmail should be hardened in future! A common and good way to do that is to
15 split it up in several programs, each doing one particular job with only the
16 needed rights. This approach is taken by qmail for example.
17 postfix took qmail as inspiration and is nearly as secure as it---in contrast to
18 sendmail which implements a monolitic architecture.
19 But monolitic architectures must not be bad in general. exim for example shows
20 that a monolitic MTA can be secure---if it one cared about it.