# HG changeset patch # User meillo@marmaro.de # Date 1232055951 -3600 # Node ID 391793afb4cbe31754a8d5d71fd81279f309348e # Parent 591217f50f695bccbd5d224f6f1008a4f20eddfd itemize -> enumerate at some places diff -r 591217f50f69 -r 391793afb4cb thesis/tex/4-MasqmailsFuture.tex --- a/thesis/tex/4-MasqmailsFuture.tex Thu Jan 15 22:45:13 2009 +0100 +++ b/thesis/tex/4-MasqmailsFuture.tex Thu Jan 15 22:45:51 2009 +0100 @@ -98,11 +98,11 @@ Several ways to restrict access are available. The most simple one is restriction by the \NAME{IP} address. No extra complexity is added this way, but the \NAME{IP} addresses have to be static or within known ranges. This approach is often used to allow relaying for local nets. The access check can be done by the \MTA\ or by a guard (e.g.\ \NAME{TCP} \name{Wrappers}) before. The main advantage here is the minimal setup and maintainence work needed. This kind of access restriction is important to be implemented. This authentication based on \NAME{IP} addresses is impossible in situations where hosts with changing \NAME{IP} addresses, that are not part of a known subnet, need access. Then a authentication mechanism based on some \emph{secret} is required. Three common approaches exist: -\begin{itemize} +\begin{enumerate} \item \SMTP-after-\NAME{POP}: Uses authentication on the \NAME{POP} protocol to permit incoming \SMTP\ connections for a limited time afterwards. The variant \SMTP-after-\NAME{IMAP} exists too. \item \SMTP\ authentication: An extension to \SMTP. It allows to request authentication before mail is accepted. Here no helper protocols are needed. \item Certificates: The identity of a user or a host is confirmed by certificates that are signed by trusted authorities. Certificates are closely related to encryption, they do normally satisfy both needs: \NAME{SSL} tunnels encrypt the data transmission and allow to identify the remote user/host by his certificate. -\end{itemize} +\end{enumerate} At least one of the secret-based mechanisms should be supported. diff -r 591217f50f69 -r 391793afb4cb thesis/tex/5-Improvements.tex --- a/thesis/tex/5-Improvements.tex Thu Jan 15 22:45:13 2009 +0100 +++ b/thesis/tex/5-Improvements.tex Thu Jan 15 22:45:51 2009 +0100 @@ -132,7 +132,7 @@ -\section{The new design} +\section{A new design} The last chapter identified the requirements for a modern and securt \masqmail. Now the various jobs of an \MTA\ get assigned to modules, of which the new architecture is created. It is inspired by existing \MTA{}s and driven by the identified requirements. @@ -206,12 +206,12 @@ \subsubsection*{Aliasing} Where should aliases get expanded? They appear in different kind. Important are the ones available in the \path{aliases} file. Aliases can be: -\begin{itemize} +\begin{enumerate} \item a different local user (e.g.\ ``\texttt{bob: alice}'') \item a remote user (e.g.\ ``\texttt{bob: john@example.com}'') \item a list of users (e.g.\ ``\texttt{bob: alice, john@example.com}'') \item a command (e.g.\ ``\texttt{bob: |foo}'') -\end{itemize} +\end{enumerate} Addresses expanding to lists of users lead to more envelopes. Aliases changing the reciptients domain part may require a different route to use. Aliasing is often handled in expanding the alias and reinjecting the mail into the system. Unfortunately, the mail is processed twice then; additionally does the system have to handle more mail this way. If it is wanted to check the new recipient address for acceptance and do all processing again, then reinjecting it is the best choice.