# HG changeset patch # User meillo@marmaro.de # Date 1234046854 -3600 # Node ID 5254a119ad56549817eee54ce4d78172fd2d028e # Parent a641bea7a0872c05cbec82959ec97619fb6f08ee fixed all major trashing of the right margin diff -r a641bea7a087 -r 5254a119ad56 thesis/fig/masqmail-typical-usage.pic --- a/thesis/fig/masqmail-typical-usage.pic Sat Feb 07 22:51:17 2009 +0100 +++ b/thesis/fig/masqmail-typical-usage.pic Sat Feb 07 23:47:34 2009 +0100 @@ -39,7 +39,7 @@ move to last [].e -move 0.5 +move movewid/2 [ diff -r a641bea7a087 -r 5254a119ad56 thesis/tex/0-preface.tex --- a/thesis/tex/0-preface.tex Sat Feb 07 22:51:17 2009 +0100 +++ b/thesis/tex/0-preface.tex Sat Feb 07 23:47:34 2009 +0100 @@ -4,7 +4,7 @@ This thesis is about \masqmail, a small mail transfer agent for workstations and home networks. In October 2007 I had chosen \masqmail\ for my machines because of its small size though it was a ``real'' mail transfer agent. \masqmail\ served me well since then and I have found no reasons to change. -Unfortunately, the \masqmail\ package in \name{Debian}, which is my preferred \NAME{GNU}/Linux distribution, is unmaintained since the beginning of 2008. Unmaintained packages are likely to get dropped out of a distribution if critical bugs appear in them. Although \masqmail\ had no critical bugs, this was a situation I definitely wanted to prevent. +Unfortunately, the \masqmail\ package in \name{Debian}, which is my preferred \NAME{GNU}/Li\-nux distribution, is unmaintained since the beginning of 2008. Unmaintained packages are likely to get dropped out of a distribution if critical bugs appear in them. Although \masqmail\ had no critical bugs, this was a situation I definitely wanted to prevent. Using my diploma thesis as a ``power-start'' for maintaining and developing \masqmail\ in the future was a great idea. As it came to my mind I knew this is the thing I \emph{wanted} to do. --- I did it! :-) @@ -65,7 +65,7 @@ References to external resources are marked using one of three styles, distinguished by the type of resource. \begin{enumerate} -\item References to books, articles, and similar documents look like this: \cite{kernighan84}. The letters represent the author(s) (here \person{Kernighan} and \person{Pike}), while the number represents the year of publication (here 1984). +\item References to books, articles, and documents of similar kind, look like this: \cite{kernighan84}. The letters represent the author(s) (here \person{Kernighan} and \person{Pike}), while the number represents the year of publication (here 1984). \item Websites are different from documents as they are less some text written by some author but more a place where information is gathered. Website may also change from time to time, thus the date of access is given to indicate the version to which was referred. References to websites have such appearance: \citeweb{masqmail:homepage}. diff -r a641bea7a087 -r 5254a119ad56 thesis/tex/1-Introduction.tex --- a/thesis/tex/1-Introduction.tex Sat Feb 07 22:51:17 2009 +0100 +++ b/thesis/tex/1-Introduction.tex Sat Feb 07 23:47:34 2009 +0100 @@ -276,7 +276,7 @@ Mail queuing is essential for \masqmail\ and thus supported of course, alias expansion is also supported. \index{alias expansion} -The \masqmail\ executable can be called by various names for sendmail-compatibility reasons. As many programs expect the \MTA\ to be located at \path{/usr/lib/sendmail} or \path{/usr/sbin/sendmail}, symbolic links are pointing from there to the \masqmail\ executable. Furthermore does \sendmail\ support calling it with a different name instead of supplying command line arguments. The best known of these shortcuts is \path{mailq} which is equivalent to calling it with the argument \verb+-bq+. \masqmail\ recognizes the shortcuts \path{mailq}, \path{smtpd}, \path{mailrm}, \path{runq}, \path{rmail}, and \path{in.smtpd}. The first two are inspired by \sendmail. Not implemented yet is the shortcut \path{newaliases} because \masqmail\ does not generate binary representations of the alias file.\footnote{A shell script named \path{newaliases} that invokes \texttt{masqmail -bi} can provide the command to satisfy strict requirements.} \path{hoststat} and \path{purgestat} are missing for complete sendmail-compatibility. +The \masqmail\ executable can be called by various names for sendmail-com\-pa\-ti\-bi\-li\-ty reasons. As many programs expect the \MTA\ to be located at \path{/usr/lib/sendmail} or \path{/usr/sbin/sendmail}, symbolic links are pointing from there to the \masqmail\ executable. Furthermore does \sendmail\ support calling it with a different name instead of supplying command line arguments. The best known of these shortcuts is \path{mailq} which is equivalent to calling it with the argument \verb+-bq+. \masqmail\ recognizes the shortcuts \path{mailq}, \path{smtpd}, \path{mailrm}, \path{runq}, \path{rmail}, and \path{in.smtpd}. The first two are inspired by \sendmail. Not implemented yet is the shortcut \path{newaliases} because \masqmail\ does not generate binary representations of the alias file.\footnote{A shell script named \path{newaliases} that invokes \texttt{masqmail -bi} can provide the command to satisfy strict requirements.} \path{hoststat} and \path{purgestat} are missing for complete sendmail-compatibility. \index{sendmail!compatibility} \index{symbolic link} \index{shortcuts} diff -r a641bea7a087 -r 5254a119ad56 thesis/tex/2-MarketAnalysis.tex --- a/thesis/tex/2-MarketAnalysis.tex Sat Feb 07 22:51:17 2009 +0100 +++ b/thesis/tex/2-MarketAnalysis.tex Sat Feb 07 23:47:34 2009 +0100 @@ -97,7 +97,7 @@ \subsubsection*{Communication hardware} -Communication hardware comes from two different roots: On one side, the telephone, now available as mobile phones. This group centers around recorded data and dialog but messages are also supported by the answering machine and \NAME{SMS}. On the other side, mail and its relatives like email, which use computers as main hardware. This part centers around document messages but also supports dialog communication in Instant Messaging and Voice over \NAME{IP}. +Communication hardware comes from two different roots: On one side, the telephone, now available as mobile phones. This group centers around re\-cor\-ded data and dialog but messages are also supported by the answering machine and \NAME{SMS}. On the other side, mail and its relatives like email, which use computers as main hardware. This part centers around document messages but also supports dialog communication in Instant Messaging and Voice over \NAME{IP}. The last years finally brought the two groups together, with \name{smart phones} being the merging hardware element. Smart phones are computers in the size of mobile phones or mobile phones with the capabilities of computers, however one likes to see it. They provide both functions by being telephones \emph{and} computers. \index{smart phone} @@ -165,7 +165,7 @@ \hfill\cite{wheeler03} \end{quote} -The amount of spam is huge. Panda Security and Commtouch state in their \name{Email Threats Trend Report} for the second Quarter of 2008: ``Spam levels throughout the second quarter averaged 77\,\%, ranging from a low of 64\,\% to a peak of 94\,\% of all email [...]'' \cite[page 4]{panda:email-threats}. The report sees the main source of spam in bot nets consisting of zombie computers: ``Spam and malware levels remain high for yet another quarter, powered by the brawny yet agile networks of zombie \NAME{IP}s.'' \cite[page 1]{panda:email-threats}. This is supported by IronPort Systems: ``More than 80 percent of spam now comes from a `zombie'---an infected \NAME{PC}, typically in a consumer broadband network, that has been hijacked by spammers.'' \cite{ironport:zombie-computers}. Positive for \MTA{}s is that they are not the main source for spam, but it is only a small delight. Spam is a general weakness of the email system because it is not stoppable. +The amount of spam is huge. Panda Security and Commtouch write in their \name{Email Threats Trend Report} for the second Quarter of 2008: ``Spam levels throughout the second quarter averaged 77\,\%, ranging from a low of 64\,\% to a peak of 94\,\% of all email [...]'' \cite[page 4]{panda:email-threats}. The report sees the main source of spam in bot nets consisting of zombie computers: ``Spam and malware levels remain high for yet another quarter, powered by the brawny yet agile networks of zombie \NAME{IP}s.'' \cite[page 1]{panda:email-threats}. This is supported by IronPort Systems: ``More than 80 percent of spam now comes from a `zombie'---an infected \NAME{PC}, typically in a consumer broadband network, that has been hijacked by spammers.'' \cite{ironport:zombie-computers}. Positive for \MTA{}s is that they are not the main source for spam, but it is only a small delight. Spam is a general weakness of the email system because it is not stoppable. \index{spam!sources of} @@ -265,7 +265,7 @@ \MTA{}s are still important in this new email architecture, but in a slightly different way. They do not transfer mail itself anymore, but they transport the notifications about new mail to the destinations. This is a quite similar job as in the \NAME{SMTP} model. The real transfer of the mail, however, can be done in an arbitrary way, for example via \NAME{FTP} or \NAME{SCP}. -A second concept, this one primary to arm against spam, is \person{David~A.\ Wheeler}'s \name{Guarded Email} \cite{wheeler03}. It requires messages to be recognized as Ham (non-spam) to be accepted, otherwise a challenge-response authentication will be initiated. +A second concept, this one primary to arm against spam, is \person{David~A.\ Whee\-ler}'s \name{Guarded Email} \cite{wheeler03}. It requires messages to be recognized as Ham (non-spam) to be accepted, otherwise a challenge-response authentication will be initiated. \index{Guarded Email} \name{Hashcash} by \person{Adam Back}---a third concept---tries to limit spam and denial of service attacks \cite{back02}. It requests payment for email. The costs are computing time for the generation of hash values. Thus sending spam becomes expensive. Further information about \name{Hashcash} can be found on \citeweb{hashcash:homepage}. diff -r a641bea7a087 -r 5254a119ad56 thesis/tex/3-MailTransferAgents.tex --- a/thesis/tex/3-MailTransferAgents.tex Sat Feb 07 22:51:17 2009 +0100 +++ b/thesis/tex/3-MailTransferAgents.tex Sat Feb 07 23:47:34 2009 +0100 @@ -274,7 +274,7 @@ \paragraph{Performance} \index{performance} -As second trend, the decreasing necessity for high performance was identified. This goes along with the move of \MTA{}s from service providers to home servers. \postfix\ focuses much on performance, this might not be an important point in the future. Of course there will still be the need for high performance \MTA{}s, but a growing share of the market will not require high performance. Energy and space efficiency is related to performance; it is a similar goal in a different direction. But optimization, be it for performance or other efficiencies, is often in contrast to simplicity and clarity; these two improve security. Optimizing does in most times decrease the simplicity and clarity. Simple \MTA{}s that do not aim for high performance are what is needed in future. The simple design of \qmail\footnote{\qmail\ is still fast} is a good example. +As second trend was the decreasing necessity for high per\-for\-mance identified. This goes along with the move of \MTA{}s from service providers to home servers. \postfix\ focuses much on performance, this might not be an important point in the future. Of course there will still be the need for high performance \MTA{}s, but a growing share of the market will not require high performance. Energy and space efficiency is related to performance; it is a similar goal in a different direction. But optimization, be it for performance or other efficiencies, is often in contrast to simplicity and clarity; these two improve security. Optimizing does in most times decrease the simplicity and clarity. Simple \MTA{}s that do not aim for high performance are what is needed in future. The simple design of \qmail\footnote{\qmail\ is still fast} is a good example. \paragraph{Security} \index{security} diff -r a641bea7a087 -r 5254a119ad56 thesis/tex/4-MasqmailsFuture.tex --- a/thesis/tex/4-MasqmailsFuture.tex Sat Feb 07 22:51:17 2009 +0100 +++ b/thesis/tex/4-MasqmailsFuture.tex Sat Feb 07 23:47:34 2009 +0100 @@ -699,12 +699,14 @@ A new design does protect against such dead ends. -Changing requirements are one possible dead end if the software does not evolve with them. A famous example is \sendmail, which had an almost monopoly for a long time. But when security became important, \sendmail\ was only repaired instead of the problem sources---its insecure design---would have been removed. Thus security problems reappeared and over the years \sendmail's market share shrank as more secure \MTA{}s became available. \sendmail's reaction to the new requirements, in form of \name{sendmail~X} and \name{MeTA1}, came much to late---the users already switched to other \MTA{}s. +Changing requirements are one possible dead end if the software does not evolve with them. A famous example is \sendmail; it had an almost monopoly for a long time. But when security became important, \sendmail\ was only repaired instead of the problem sources---its insecure design---would have been removed. Thus security problems reappeared and over the years \sendmail's market share shrank as more secure \MTA{}s became available. \sendmail's reaction to the new requirements, in form of \name{sendmail~X} and \name{MeTA1}, came much to late---the users already switched to other \MTA{}s. \index{sendmail} -Redesigning a software as requirements change helps keeping it alive. The knowledge of the Greek philosopher \person{Heraclitus} shall be an inspriation: ``Nothing endures but change.'' +Redesigning a software as requirements change helps keeping it alive. \index{redesign} +The knowledge of \person{Heraclitus}, a Greek philosopher, shall be an inspriation: ``Nothing endures but change.'' + Another danger is the dead end of complexity which is likely to appear by constant work on the same code base. It is even more likely if the code base has a monolithic architecture. A good example for simplicity is \qmail\ which consists of small independent modules, each with only about one thousand lines of code. Such simple code makes it obvious to understand what it does. The \name{suckless} project \citeweb{suckless.org} for example advertises such a philosophy of small and simple software by following the thoughts of the Unix inventors \cite{kernighan84} \cite{kernighan99}. Simple, small, and clear code avoids complexity and is thus also a strong prerequisite for security. \index{suckless} @@ -717,7 +719,7 @@ The avoidance of dead ends is essential for further development on current code, too. Hence it is mandatory to refactor the existing code base sooner or later. Most important is the intention to modularize it, as modularity improves many quality properties, eases further development, and essentially improves security. -One example how modular structure makes it easy to add further functionality is described by \person{Sill}: He says that integrating the \name{amavis} filter framework into the \qmail\ system can be done by simply renaming the \path{qmail-queue} module to \path{qmail-queue-real} and renaming the \path{amavis} executable to \path{qmail-queue} \cite[section~12.7.1]{sill02}. Nothing more in the \qmail\ system needs to be changed. This is a very admirable ability which is only possible in a modular system that consists of independent executables. +One example how modular structure makes it easy to add further functionality is described by \person{Sill}: He says that integrating the \name{amavis} filter framework into the \qmail\ system can be done by simply renaming the \path{qmail-queue} module to \path{qmail-queue-real} and then renaming the \path{amavis} executable to \path{qmail-queue} \cite[section~12.7.1]{sill02}. Nothing more in the \qmail\ system needs to be changed. This is a very admirable ability which is only possible in a modular system that consists of independent executables. \index{modularity} This thesis showed several times that modularity is a key property for good software design. Modularity can hardly be retrofitted into software, hence development on base of current code will need a throughout restructuring too, to modularize the source code. Thus a new design is similar to such a throughout refactoring, except the dependence on current code.