meillo@25: masqmail security
meillo@25: =================
meillo@25: 
meillo@25: masqmail is not intended to listen on a port open to the internet. Its normal
meillo@25: operation is on workstations and listening only on localhost.
meillo@25: Generally masqmail should only listen on a port accessable by only trusted
meillo@25: users. Therefor a firewall should be set up to protect against attacks.
meillo@25: 
meillo@25: Security is not a primary goal of masqmail, because its jobs is normally not in
meillo@25: dangerous areas. But secrurity should always be a secondary goal, especially for
meillo@25: everything that communicates with/via the internet. (And also for programs that
meillo@25: run suid-root, like all mail transfer agents.)
meillo@25: 
meillo@25: masqmail should be hardened in future! A common and good way to do that is to
meillo@25: split it up in several programs, each doing one particular job with only the
meillo@25: needed rights. This approach is taken by qmail for example.
meillo@25: postfix took qmail as inspiration and is nearly as secure as it---in contrast to
meillo@25: sendmail which implements a monolitic architecture.
meillo@25: But monolitic architectures must not be bad in general. exim for example shows
meillo@25: that a monolitic MTA can be secure---if it one cared about it.