# HG changeset patch # User meillo@marmaro.de # Date 1229536097 -3600 # Node ID 18b7b517e2dd38da668fbe24b28aca9e19b759d5 # Parent d8ad54f11e8806c668813e643e861916aa263e37 wrote about discussion on architecture diff -r d8ad54f11e88 -r 18b7b517e2dd thesis/tex/4-MasqmailsFuture.tex --- a/thesis/tex/4-MasqmailsFuture.tex Wed Dec 17 18:47:32 2008 +0100 +++ b/thesis/tex/4-MasqmailsFuture.tex Wed Dec 17 18:48:17 2008 +0100 @@ -60,6 +60,10 @@ Spam is a major threat. According to the \NAME{SWOT} analysis, the goal is to reduce it to a bearable level. Spam fighting is a war are where the good guys tend to lose. Putting too much effort there will result in few gain. Real success will only be possible with new---better---protocols and abandonning the weak legacy technologies. Hence \masqmail\ should be able to provide state-of-the-art spam protection, but not more. +\subsubsection*{Security} +\MTA{}s are critical points for computer security, as they are accessable from external networks. They must be secured with high effort. Properties like high priviledge level, work load influenced from extern, work on unsafe data, and demand for reliability, increase the security needed. Unsecure and unreliable \mta{}s are of no value. \masqmail\ needs to b e secure enough for its target field of operation. + + \subsubsection*{Easy configuration} Having \mta{}s on many home servers and clients, requires easy and standardized configuration. The common setups should be configurable with single actions by the user. Complex configuration should be possible, but focused must be the most common form of configuration: choosing one of several standard setups. @@ -68,10 +72,67 @@ +\section{Discussion on architecture} -\section{Directions to go} +A program's architecture is maybe the most influencing design decision, and has the greatest impact on the program's future capabilities. %fixme: search quote ... check if good -This section discusses about what shapes \masqmail\ could have---which directions the development could go to. +\masqmail's current artitecture is monolitic like \sendmail's and \exim's. But more than the other two, is it one block of interweaved code. \sendmail\ provides now, with its \name{milter} interface, standardized connection channels to external modules. \exim\ has a highly structured code with many internal interfaces, like the one for supported authentication ``modules''. \masqmail\ has none of them; it is what \sendmail\ was in the beginning: a single large block. + +Figure \ref{fig:masqmail-arch} is an attempt to depict \masqmail's internal structure. + +\begin{figure} + \begin{center} + \input{input/masqmail-arch.tex} + \end{center} + \caption{Internal architecture of \masqmail} + \label{fig:masqmail-arch} +\end{figure} + +\sendmail\ improved its old architecture, for example by adding the milter interface. \exim\ was designed and is carefully maintained with a modular-like code structure in mind. \qmail\ started from scratch with a security-first approach, \postfix\ improved on it, and \name{sendmail X}/\name{MeTA1} tries to adopt the best of \qmail\ and \postfix, to completely replace the old \sendmail\ architecture. \person{Hafiz} \cite{hafiz05}. describes this evolution of \mta\ architecture very well. + +Every one of the popular \MTA{}s is more modular, or became more modular, than \masqmail. The logical step is to rewrite \masqmail\ using a modern, modular architecture to get a modern \MTA\ satisfying nowadays needs. But how is the effort of this complete rewrite compared to what is gained afterwards? + + + + +A secure architecture is of need. + + + + + + + +(ssl) +-> msg-in (local or remote protocol handlers) +-> spam-filter (and more) +-> queue +-> msg-out (local-delivery by MDA, or remote-protocol-handlers) +(ssl) + +A design from scratch? + +<< what would be needed (effort) >> + +<< would one create it at all? >> + +<< should it be done? >> + + +http://fanf.livejournal.com/50917.html %how not to design an mta - the sendmail command +http://fanf.livejournal.com/51349.html %how not to design an mta - partitioning for security +http://fanf.livejournal.com/61132.html %how not to design an mta - local delivery +http://fanf.livejournal.com/64941.html %how not to design an mta - spool file format +http://fanf.livejournal.com/65203.html %how not to design an mta - spool file logistics +http://fanf.livejournal.com/65911.html %how not to design an mta - more about log-structured MTA queues +http://fanf.livejournal.com/67297.html %how not to design an mta - more log-structured MTA queues +http://fanf.livejournal.com/70432.html %how not to design an mta - address verification +http://fanf.livejournal.com/72258.html %how not to design an mta - content scanning + + +\subsubsection*{local mail delivery} +But for example delivery of mail to local users is \emph{not} what \mta{}s should care about, although most \MTA\ are able to deliver mail, and many do. (\name{mail delivery agents}, like \name{procmail} and \name{maildrop}, are the right programs for this job.) + @@ -108,55 +169,6 @@ -\subsection{Architecture} - -The programs architecture is maybe the most influencing design decision with the greatest impact on the programs further capabilities. %fixme: search quote ... check if good - -\masqmail's current artitecture is monolitic like \sendmail's and \exim's. But more than the other two, is it one block of interweaved code. \sendmail\ provides, with its \name{milter} interface, standardized connection channels to external modules. \exim\ has a highly structured code with many internal interfaces, like the one for supported authentication ``modules''. \masqmail\ has none of them. - -Figure \ref{fig:masqmail-arch} is an attempt to depict \masqmail's internal structure. - -\begin{figure} - \begin{center} - \input{input/masqmail-arch.tex} - \end{center} - \caption{Internal architecture of \masqmail} - \label{fig:masqmail-arch} -\end{figure} - - - -(ssl) --> msg-in (local or remote protocol handlers) --> spam-filter (and more) --> queue --> msg-out (local-delivery by MDA, or remote-protocol-handlers) -(ssl) - -A design from scratch? - -<< what would be needed (effort) >> - -<< would one create it at all? >> - -<< should it be done? >> - -http://fanf.livejournal.com/50917.html %how not to design an mta - the sendmail command -http://fanf.livejournal.com/51349.html %how not to design an mta - partitioning for security -http://fanf.livejournal.com/61132.html %how not to design an mta - local delivery -http://fanf.livejournal.com/64941.html %how not to design an mta - spool file format -http://fanf.livejournal.com/65203.html %how not to design an mta - spool file logistics -http://fanf.livejournal.com/65911.html %how not to design an mta - more about log-structured MTA queues -http://fanf.livejournal.com/67297.html %how not to design an mta - more log-structured MTA queues -http://fanf.livejournal.com/70432.html %how not to design an mta - address verification -http://fanf.livejournal.com/72258.html %how not to design an mta - content scanning - - -\subsubsection*{local mail delivery} -But for example delivery of mail to local users is \emph{not} what \mta{}s should care about, although most \MTA\ are able to deliver mail, and many do. (\name{mail delivery agents}, like \name{procmail} and \name{maildrop}, are the right programs for this job.) - - - @@ -175,6 +187,10 @@ +\section{Directions to go} + +This section discusses about what shapes \masqmail\ could have---which directions the development could go to. +