# HG changeset patch # User meillo@marmaro.de # Date 1232300010 -3600 # Node ID 0d88bf21e152207a19b15de5cc76842d0d3dc083 # Parent 39fffd8d1100def9cb92d7add263824612779ac4 minor changes diff -r 39fffd8d1100 -r 0d88bf21e152 thesis/tex/2-MarketAnalysis.tex --- a/thesis/tex/2-MarketAnalysis.tex Sun Jan 18 13:08:32 2009 +0100 +++ b/thesis/tex/2-MarketAnalysis.tex Sun Jan 18 18:33:30 2009 +0100 @@ -179,6 +179,7 @@ \subsection{Trends for electronic mail} +\label{sec:email-trends} Noting remains the same, so does the email technology not. Emailing in future will probably differ from emailing today. This section tries to identify possible trends affecting the future of electronic mail. diff -r 39fffd8d1100 -r 0d88bf21e152 thesis/tex/4-MasqmailsFuture.tex --- a/thesis/tex/4-MasqmailsFuture.tex Sun Jan 18 13:08:32 2009 +0100 +++ b/thesis/tex/4-MasqmailsFuture.tex Sun Jan 18 18:33:30 2009 +0100 @@ -220,7 +220,7 @@ \paragraph{\RG10: Usability} Usability, not mentioned by \person{Hafiz} (he focuses on architecture) but by \person{Spinellis} and \person{Kan}, is a property very important from the user's point of view. Software with bad usability is rarely used, no matter how good it is. If substitutes with better usability exist, the user will switch to one of them. Here, usability includes setting up and configuring; and the term ``users'' includes administrators. Having \mta{}s on home servers and workstations requires easy and standardized configuration. The common setups should be configurable with little action by the user. Complex configuration should be possible, but focused must be the most common form of configuration: choosing one of several common setups. -<< masqmail as portable app? >> +%fixme: << masqmail as portable app? 
>> @@ -281,10 +281,7 @@ \paragraph{\RF1: In/out channels} -The incoming and outgoing channels that \masqmail\ already has are the ones required for an \MTA{}s at the moment. They are depicted in figure \ref{fig:masqmail-in-out} on page \pageref{fig:masqmail-in-out}. -Support for other protocols seems not to be necessary at the moment, although new protocols and mailing concepts are likely to appear (see section \ref{sec:electronic-mail}). -Today, other protocols are not needed, so \masqmail\ is regarded to fulfill \RF1. -But as \masqmail\ has no support for adding further protocols, delaying the work to support them until they are widely used, appears to be the best strategy anyway. +The incoming and outgoing channels that \masqmail\ already has (depicted in figure \ref{fig:masqmail-channels} on page \pageref{fig:masqmail-channels}) are the ones required for an \MTA{}s at the moment. Support for other protocols seems not to be necessary at the moment, although new protocols and mailing concepts are likely to appear (see section \ref{sec:email-trends}). Today, other protocols are not needed, so \masqmail\ is regarded to fulfill \RF1. But as \masqmail\ has no support for adding further protocols, delaying the work to support them until they are widely used, appears to be the best strategy anyway. << smtp submission >> %fixme 
@@ -297,7 +294,7 @@ The envelope and mail headers are generated when the mail is put into the queue. The requirements are fulfilled. \paragraph{\RF4: Aliasing} -Aliasing is done on delivery. All common kinds of aliases in the global aliases file are supported. \name{.forward} aliasing is not, but this is less common and seldom used. +Aliasing is done on delivery. All common kinds of aliases in the global aliases file are supported. So called \name{.forward} aliasing is not, but this is less common and seldom used. \paragraph{\RF5: Route management} Setting of the route to use is done on delivery. Headers can get rewritten a second time then. This part does provide all the functionality required. 
@@ -306,7 +303,7 @@ Static authentication, based on \NAME{IP} addresses, can be achieved with \person{Venema}'s \NAME{TCP} \name{Wrapper} \cite{venema92}, by editing the \path{hosts.allow} and \path{hosts.deny} files. This is only relevant to authenticate host that try to submit mail into the system. Dynamic (secret-based) \SMTP\ authentication is already supported in form of \NAME{SMTP-AUTH} and \SMTP-after-\NAME{POP}, but only for outgoing connections. For incoming connections, only address-based authentication is supported. \paragraph{\RF7: Encryption} -Similar is the situation for encryption which is also only available for outgoing channels; here a wrapper application like \name{openssl} is needed. This creates a secure tunnel to send mail trough, but state-of-the-art is using \NAME{STARTTLS}, which is not supported. For incoming channels, no encryption is available. The only possible setup to provide encryption of incoming channels is using an application like \name{stunnel} to translate between the secure connection to the remote host and the \MTA. Unfortunately, this suffers from the problem explained in section \ref{sec:FIXME} and figure \ref{fig:stunnel}. Anyway, this would still be no \NAME{STARTTLS} support. +Similar is the situation for encryption which is also only available for outgoing channels; here a wrapper application like \name{openssl} is needed. This creates a secure tunnel to send mail trough, but state-of-the-art is using \NAME{STARTTLS}, which is not supported. For incoming channels, no encryption is available. The only possible setup to provide encryption of incoming channels is using an application like \name{stunnel} to translate between the secure connection to the remote host and the \MTA. Unfortunately, this suffers from the problem explained on page \pageref{fig:stunnel} in figure \ref{fig:stunnel}. Anyway, this would still be no \NAME{STARTTLS} support. 
\paragraph{\RF8: Spam handling} \masqmail\ nowadays does not provide special support for spam filtering. Spam prevention by not accepting spam during the \SMTP\ dialog is not possible at all. Spam filtering is only possible by using two \masqmail\ instances with an external spam filter inbetween. The mail flow is from the receiving \MTA\ instance, which accepts mail, to the filter application that processes and possible modifies it, to the second \MTA\ which is responsible for further delivery of the mail. This is a concept that works in general. And it is a good concept in principle to separate work with clear interfaces. But the need of two instances of the same \MTA (each for only half of the job) with doubled setup, is more a work-around. Best is to have this data flow respected in the \MTA\ design, like in \postfix. But the more important part of spam handling, for sure, is done during the \SMTP\ dialog in completely refusing unwanted mail. @@ -334,8 +331,6 @@ In summary: Current reliability needs to be improved. %fixme: state machine -\masqmail\ uses the filesytem to store the queue, storing the queue in a databases might improve the reliability through better persistence. %fixme - \paragraph{\RG3: Robustness} The logging behavior of \masqmail\ is good, although it does not cover all problem situations. For example, if the queue directory is world writeable by accident (or as action of an intruder), any user can remove messages from the queue or replace them with own ones. \masqmail\ does not even write a debug message in this case. The origin of this problem, however, is \masqmail's trust in its environment. %todo: rule of robustness, rule of repair 
@@ -352,6 +347,7 @@ The testability suffers from missing modularity. Testing program parts is hard to do. Nevertheless, it is done by compiling parts of the source to special test programs. %fixme: what are the names? what do they test? This kind of testing is only clean-room testing, so .... %fixme + % XXX \paragraph{\RG7: Performance} The performance---efficiency---of \masqmail\ is good enough for its target field of operation, where this is a minor goal. diff -r 39fffd8d1100 -r 0d88bf21e152 thesis/tex/5-Improvements.tex --- a/thesis/tex/5-Improvements.tex Sun Jan 18 13:08:32 2009 +0100 +++ b/thesis/tex/5-Improvements.tex Sun Jan 18 18:33:30 2009 +0100 @@ -15,7 +15,7 @@ -\subsection{Encryption} +\subsubsection*{Encryption} Electronic mail is very weak to sniffing attacks, because all data transfer is unencrypted. This concerns the message's content, as well as the email addresses in header and envelope, but also authentication dialogs that may transfer plain text passwords (\NAME{PLAIN} and \NAME{LOGIN} are examples). Adding encryption is therefor wanted. @@ -57,7 +57,7 @@ -\subsection{Authentication} +\subsubsection*{Authentication} Several ways to restrict access are available. The most simple one is restrictiction by the \NAME{IP} address. No extra complexity is added this way, but static \NAME{IP} addresses are mandatory. This kind of restriction may be enabled using the operating system's \path{hosts.allow} and \path{hosts.deny} files. To allow only connections to port 25 from localhost or the local network \texttt{192.168.100.0/24} insert the line ``\texttt{25: ALL}'' into \path{hosts.deny} and ``\texttt{25: 127.0.0.1, 192.168.100.}'' into \path{hosts.allow}. @@ -94,7 +94,7 @@ -\subsection{Security} +\subsubsection*{Security} by using wrappers and interposition filters 
@@ -108,19 +108,19 @@ \end{verbatim} -\subsection{Reliability} +\subsubsection*{Reliability} discuss persistence through using databases -\subsection{Spam and malware handling} +\subsubsection*{Spam and malware handling} discuss the MTA->scanner->MTA approach -\subsection{Bug fixes} +\subsubsection*{Bug fixes} already fixed bugs @@ -194,6 +194,8 @@ %fixme: check, cite, and think about %fixme: discuss: filesystem vs. database +<< \masqmail\ uses the filesytem to store the queue, storing the queue in a databases might improve the reliability through better persistence. >> %fixme + %fixme: what about the ``rule of repair''?
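Review bot: in the \RF1 hunk of 4-MasqmailsFuture.tex (@@ -281,10 +281,7 @@) the figure reference changes from fig:masqmail-in-out to fig:masqmail-channels, but no hunk in this changeset defines or renames that label, so please confirm it exists where the figure is included; otherwise both \ref and \pageref will print as ??. The new \ref{sec:email-trends} is fine, since the matching \label is added in 2-MarketAnalysis.tex. Two smaller points on the same hunk: joining the four source lines into one makes later diffs of this paragraph hard to read, and the context line "<< smtp submission >> %fixme" is still typeset text, unlike the portable-app note that the @@ -220,7 +220,7 @@ hunk turns into a %fixme: comment.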
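Review bot: in the \RF4 hunk (@@ -297,7 +294,7 @@) the added wording "So called \name{.forward} aliasing" needs a hyphen: "So-called \name{.forward} aliasing".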
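Review bot: in the \RF7 hunk (@@ -306,7 +303,7 @@) the rewritten sentence still says only "the problem explained on page \pageref{fig:stunnel} in figure \ref{fig:stunnel}" without naming it. Replacing the \ref{sec:FIXME} placeholder is right, but this paragraph is the one that judges whether stunnel is an acceptable way to encrypt incoming channels, so state the problem in a short clause here and keep the figure reference as support. The added line also carries over "trough" for "through".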
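Review bot: the @@ -352,6 +347,7 @@ hunk adds a bare "% XXX" above \paragraph{\RG7: Performance} with no text saying what is open. The rest of the file uses "%fixme:" followed by a description; use the same form here so the marker can be found and resolved later.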
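Review bot: the heading changes in 5-Improvements.tex (Encryption, Authentication, Security, Reliability, Spam and malware handling, Bug fixes) switch from \subsection to the starred \subsubsection*, which removes these headings from the numbering and the table of contents. A \label placed under a starred heading resolves to the enclosing numbered unit, so if the \RF6, \RF7 or \RG3 paragraphs in 4-MasqmailsFuture.tex are meant to point at these topics later, either keep the headings numbered or plan to reference them with \pageref only.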
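Review bot: in the last hunk (5-Improvements.tex, @@ -194,6 +194,8 @@) the sentence moved from the \RG2 paragraph is added as "<< ... >> %fixme", so only the trailing marker is a comment and the draft sentence itself will be typeset, while the @@ -220,7 +220,7 @@ hunk in this same changeset comments its note out with a leading "%fixme:". Pick one convention, preferably the leading comment. The moved text also keeps "filesytem", "a databases" and a comma splice, and it duplicates the context line "%fixme: discuss: filesystem vs. database" directly above it, so the two could be merged into one note.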