# HG changeset patch # User meillo@marmaro.de # Date 1233395402 -3600 # Node ID 63fb9fba6c77edd371ad738b95a9f44d1b3a7ef5 # Parent 868e11810ac78562a047cdd4dee874af4d04562b various cleanup diff -r 868e11810ac7 -r 63fb9fba6c77 thesis/tex/1-Introduction.tex --- a/thesis/tex/1-Introduction.tex Sat Jan 31 10:49:39 2009 +0100 +++ b/thesis/tex/1-Introduction.tex Sat Jan 31 10:50:02 2009 +0100 @@ -136,36 +136,39 @@ \begin{description} \item[Scenario 1:] +\label{scenario1} If no server is present, every workstation would be equipped with \masqmail. Mail transfer within the same machine or within the local net works straight forward using direct transfer. Outgoing mail to the Internet is sent, to an \name{Internet Service Provider} (short: \NAME{ISP}) for relaying whenever the router goes online. The configuration of \masqmail\ would be the same on every computer, except different host names. To receive mail from the Internet requires a mailbox on the \NAME{ISP}'s mail server. Mail needs to be fetched from the \NAME{ISP}'s server onto the workstation using the \NAME{POP3} or \NAME{IMAP} protocol. \item[Scenario 2:] -In the same network but with a server, one could have \masqmail\ running on the server and using simple forwarders (see \ref{subsec:relay-only}) on the workstations to transfer mail to the server. The server would then, dependent on the destination of the message, deliver locally or relay to an \NAME{ISP}'s server for further relay. This setup does only support mail transfer to the server, but not back to a workstation. However, it can be solved by mounting the users mailbox from the server to the workstation, or by using the \NAME{POP3} or \NAME{IMAP} protocol to fetch the mail in the server's mailbox from the workstations. Mail transfer from the \NAME{ISP} to the local server needs \NAME{POP3} or \NAME{IMAP} as well. +\label{scenario2} +In the same network but with a server, one could have \masqmail\ running on the server and using simple forwarders (see \ref{subsec:relay-only}) on the workstations to transfer mail to the server. The server would then, dependent on the destination of the message, deliver locally or relay to an \NAME{ISP}'s server for further relay. This setup does only support mail transfer to the server but not back to a workstation. However, this can be solved by mounting the user's mailbox from the server to the workstation or by using \NAME{POP3} or \NAME{IMAP}. Mail transfer from the \NAME{ISP} to the local server needs \NAME{POP3} or \NAME{IMAP} as well. \item[Scenario 3:] -A third scenario is unrelated as it is about notebooks. Notebooks are usually used as mobile workstations. One uses them to work at different locations. With the increasing popularity of wireless networks this gets more and more common. Different networks have different setups: In one network it is best to send mail to an \NAME{ISP} for relay. In another network it might be preferred to use a local mail server. A third network may have no Internet access at all, hence using a local mail server is required. All these different setups can be configured once and then used by simply telling the online state to \masqmail, even automatically within a network setup script. +\label{scenario3} +A third scenario is unrelated as it is about notebooks. Notebooks are usually used as mobile workstations. One uses them to work at different locations. With the increasing popularity of wireless networks this becomes more and more common. Different networks demand for different setups: In one network it is best to send mail to an \NAME{ISP} for relay. In another network it might be preferred to use a local mail server. A third network may have no Internet access at all, hence using a local mail server is required. All these different setups can be configured once and then used by simply telling the online state to \masqmail, even automatically within a network setup script. \end{description} -In general, all kinds of usage scenarios within a trusted network are possible. Important to notice is that mail can not be send from outside into the trusted network then. For using \masqmail\ on notebooks it is suggested to only accept mail from local users, because notebooks are often in untrusted environments. This limitation leads to the next section. +In general, all kinds of usage scenarios within a trusted network are possible. Important to notice is that mail can not be send from outside into the trusted network then. For using \masqmail\ on notebooks it is suggested to only accept mail from local users because notebooks are often in untrusted environments. \subsubsection*{Limitations} -Although \masqmail\ is seen as a replacement for other general purpose \MTA{}s, it should not be used on large mail servers. The reasons are that it implements only a basic subset of features, and that its performance and security are not as needed for such usage. +Although \masqmail\ is seen as a replacement for other general purpose \MTA{}s, it should not be used on large mail servers. The reasons are that it implements only a basic subset of features and that its performance and security is not as good as needed for such usage. -The author, \person{Kurth}, warns on the old project's website about using \masqmail\ to accept connections from the Internet, because of the risk of being an open relay: +The author, \person{Kurth}, warns on the old project's website about using \masqmail\ to accept connections from the Internet because of the risk of being an open relay: \begin{quote} MasqMail is not designed to run on a host with a permanent internet connection. It does not have the ability to check for spam mail and it will relay everything from everywhere to everywhere. Use another mail server such as exim for permanent connections. \hfill\citeweb{masqmail:homepage2} \end{quote} -The actual problem is not the permanent Internet connection, but listening for incoming mail on it. If a firewall is closed for incoming mail, then the permanent Internet connection is no problem. \masqmail\ should not be used for permanent Internet connections. Or at least it needs to be secured with care. +The actual problem is not the permanent Internet connection but listening for incoming mail on it. If a firewall is closed for incoming mail, then the permanent Internet connection is no problem. To use \masqmail\ for permanent Internet connections it needs to be secured with care. -The Internet is the common example for an untrusted network, but this applies to any other untrusted network too. +The Internet is the common example for an untrusted network but other networks may be untrusted too. @@ -180,25 +183,40 @@ \subsection{Features} -Here regarded is version 0.2.21 of \masqmail. This is the last version released by \person{Oliver Kurth}, and the basis for my thesis. +Here regarded is version 0.2.21 of \masqmail. This is the last version released by \person{Oliver Kurth}. \subsubsection*{The source code} -\masqmail\ is written in the C programming language. The program, as of version 0.2.21, consists of 34 source code and eight header files, containing about 9,000 lines of code\footnote{Measured with \name{sloccount} by David A.\ Wheeler \citeweb{sloccount}.}. Additionally, it includes a \name{base64} implementation (about 300 lines) and \name{md5} code (about 150 lines). For systems that do not provide \name{libident}, this library is distributed as well (circa 600 lines); an available shared library has higher precedence in linking, though. +\masqmail\ is written in the C programming language. The program, as of version 0.2.21, consists of 34 source code and eight header files which contain about 9\,000 lines of code\footnote{Measured with \name{sloccount} by David A.\ Wheeler \citeweb{sloccount}.}. Additionally, it includes a \name{base64} implementation (about 300 lines) and \name{md5} code (about 150 lines). For systems that do not provide \name{libident}, this library is distributed as well (circa 600 lines); an available shared library has higher precedence in linking, though. The only mandatory dependency is \name{glib}---a cross-platform software utility library, originated in the \NAME{GTK+} project. It provides safe replacements for many standard library functions, especially for the string functions. It also offers handy data containers, easy-to-use implementations of data structures, and much more. -Some functionality of \masqmail\ can be included or excluded at compile time by defining symbols. To enable maildir support for example, one has to add \verb_--enable-maildir_ to the configure call. Otherwise the concerning code gets removed during preprocessing. +Some parts of \masqmail's functionality can be included or excluded at compile time by defining symbols. To enable maildir support for example, one has to add \verb_--enable-maildir_ to the configure call. Otherwise the concerning code gets removed during preprocessing. -With \masqmail\ comes the small tool \path{mservdetect}; it helps setting up a configuration that uses the \name{mserver} system to detect the online state. Two other binaries get compiled for testing purposes: \path{readtest} and \path{smtpsend}. All three programs use parts of \masqmail's source code; they only add a file with a \verb+main()+ function each. +With \masqmail\ comes the small tool \path{mservdetect}; it helps setting up a configuration that uses the \name{mserver} system for online state detection. Two other binaries get compiled for testing purposes: \path{readtest} and \path{smtpsend}. These three additional programs use parts of \masqmail's source code; they only add a file with a \verb+main()+ function each. \subsubsection*{Features} \label{sec:masqmail-features} -\masqmail\ supports two channels for incoming mail: (1) Standard input, used when \path{masqmail} is executed on the command line and (2) a \NAME{TCP} socket, used by local or remote clients that talk \SMTP. The outgoing channels for mail are: (1) direct delivery to local mailboxes (in \name{mbox} or \name{maildir} format), (2) local pipes to pass mail to a program (e.g.\ gateways to \NAME{UUCP}, gateways to fax, or \NAME{MDA}s), and (3) \NAME{TCP} sockets to transfer mail to other \MTA{}s using the \SMTP\ protocol. Figure \ref{fig:masqmail-channels} shows this as a picture. (The ``online state'' input is explained a bit later.) +\masqmail\ supports two channels for incoming mail: + +\begin{enumerate} +\item Standard input which is used when \path{masqmail} (or the \path{sendmail} link) is executed on the command line +\item A \NAME{TCP} socket which is used by local or remote clients that talk \SMTP +\end{enumerate} + +The outgoing channels for mail are: + +\begin{enumerate} +\item Direct delivery to local mailboxes (in \name{mbox} or \name{maildir} format) +\item Local pipes to pass mail to a program (e.g.\ to \NAME{MDA}s or to gateways to \NAME{UUCP} or fax) +\item \NAME{TCP} sockets to transfer mail to other \MTA{}s using the \SMTP\ protocol +\end{enumerate} + +Figure \ref{fig:masqmail-channels} shows this as a picture. (The ``online state'' input is explained a bit later.) \begin{figure} \begin{center} @@ -208,15 +226,15 @@ \label{fig:masqmail-channels} \end{figure} -Outgoing \SMTP\ connections feature \SMTP-\NAME{AUTH} and \SMTP-after-\NAME{POP} authentication, but incoming connections do not. Using wrappers for outgoing connections is supported. This allows encrypted communication through a gateway application like \name{openssl}. +Outgoing \SMTP\ connections feature \SMTP-\NAME{AUTH} and \SMTP-after-\NAME{POP} authentication but incoming connections do not. Using wrappers for outgoing connections is supported. This allows encrypted communication through a gateway application like \name{openssl}. -Mail queuing is essential for \masqmail\ and supported of course, alias expansion is also supported. +Mail queuing is essential for \masqmail\ and thus supported of course, alias expansion is also supported. -The \masqmail\ executable can be called under various names for sendmail-compatibility reasons. As many programs expect the \MTA\ to be located at \path{/usr/lib/sendmail} or \path{/usr/sbin/sendmail}, symbolic links are pointing from there to the \masqmail\ executable. Further more does \sendmail\ supports calling it with a different name instead of supplying command line arguments. The best known of this shortcuts is \path{mailq}, which is equivalent to calling it with the argument \verb+-bq+. \masqmail\ recognizes the shortcuts \path{mailq}, \path{smtpd}, \path{mailrm}, \path{runq}, \path{rmail}, and \path{in.smtpd}. The first two are inspired by \sendmail. Not implemented is the shortcut \path{newaliases} because \masqmail\ does not generate binary representations of the alias file.\footnote{A shell script named \path{newaliases}, that invokes \texttt{masqmail -bi}, can provide the command to satisfy other software needing it.} \path{hoststat} and \path{purgestat} are missing for complete sendmail-compatibility. +The \masqmail\ executable can be called under various names for sendmail-compatibility reasons. As many programs expect the \MTA\ to be located at \path{/usr/lib/sendmail} or \path{/usr/sbin/sendmail}, symbolic links are pointing from there to the \masqmail\ executable. Further more does \sendmail\ supports calling it with a different name instead of supplying command line arguments. The best known of these shortcuts is \path{mailq} which is equivalent to calling it with the argument \verb+-bq+. \masqmail\ recognizes the shortcuts \path{mailq}, \path{smtpd}, \path{mailrm}, \path{runq}, \path{rmail}, and \path{in.smtpd}. The first two are inspired by \sendmail. Not implemented is the shortcut \path{newaliases} because \masqmail\ does not generate binary representations of the alias file.\footnote{A shell script named \path{newaliases} that invokes \texttt{masqmail -bi} can provide the command to satisfy software that depends on a \path{newaliases} program.} \path{hoststat} and \path{purgestat} are missing for complete sendmail-compatibility. %masqmail: mailq, mailrm, runq, rmail, smtpd/in.smtpd %sendmail: hoststat, mailq, newaliases, purgestat, smtpd -Additional to the \mta\ job, \masqmail\ also offers mail retrieval services by being a \NAME{POP3} client. It can fetch mail from different remote locations, dependent on the active online connection. +Additional to the \mta\ job, \masqmail\ also offers mail retrieval services by being a \NAME{POP3} client. It can fetch mail from different remote locations dependent on the active online connection. Such functionality is especially useful in a setup like \name{Scenario 2} on page \pageref{scenario2}. @@ -225,14 +243,22 @@ \masqmail\ focuses on handling different non-permanent online connections, thus a concept of online routes is used. One may configure any number of routes to send mail. Each route can have criteria to determine if some message is allowed to be sent over it. Mail to destinations outside the local network gets queued until a suitable online connections is available. -The background of this concept was the send mail to the Internet while using one of a set of dial-up Internet connection from different \NAME{ISP}s. It was quite common that \NAME{ISP}s accepted mail for relay only if it came over a connection they managed. This means, one was not able to relay mail over the mail server of \NAME{ISP}\,1 while being online over the connection of \NAME{ISP}\,2. \masqmail\ is a solution to the wish of switching the relaying mail server easily. +The idea behind this concept is sending mail to the Internet through the mail server of the same \NAME{ISP} over which one had dialed in. It was quite common that \NAME{ISP}s accepted mail for relay only if it came from as online connection they managed. This means, one was not able to relay mail through the mail server of one \NAME{ISP} while being online through the connection of another \NAME{ISP}. \masqmail\ is a solution to the wish of switching the relaying mail server easily. Related is \masqmail's ability to rewrite the sender's email address dependent on which \NAME{ISP} is used. This prevents mail from being likely classified as spam. -To react on the different situations, \masqmail\ needs to query the current online state. Is an online connection available, and if it is, which one? Three methods are implemented: (1) Reading from a file, (2) reading the output of a command, and (3) by asking an \name{mserver} system. Each method may return a string naming the routes that is online or returning nothing to indicate offline state. +To react on the different situations, \masqmail\ needs to query the current online state. Is an online connection available? And if it is: Which one? Three methods are implemented: +\begin{enumerate} +\item Reading from a file +\item Reading the output of a command +\item Querying an \name{mserver} system +\end{enumerate} -Mail for hosts within the local network or for users on the local machine is not touched by this concept, it is always sent immediately. +Each method may return a string naming the routes that is online or returning nothing to indicate offline state. + + +Mail for hosts inside the local network or for users on the local machine is not touched by this concept; such mail is always sent immediately. @@ -243,18 +269,19 @@ \section{Why \masqmail\ is worthy} -First of all, \masqmail\ is better suited for its target field of operation (multiple non-permanent online connections) than every other \MTA. Especially is such usage easy to set up because \masqmail\ was designed for that. -Many \MTA{}s were not designed for such usage as the following two example show: ``Exim is designed for use on a network where most messages can be delivered at the first attempt.'' \cite[page~30]{hazel01}. ``qmail was designed for well-connected hosts: those with high-speed, always-on network connectivity.'' \cite[page9]{sill02}. +First of all, \masqmail\ is better suited for its target field of operation (multiple non-permanent online connections) than every other \MTA. Especially is such usage easy to set up because \masqmail\ was designed for that. Many alternative \MTA{}s were not designed for those scenarios at all as the following two example show: ``Exim is designed for use on a network where most messages can be delivered at the first attempt.'' \cite[page~30]{hazel01}. ``qmail was designed for well-connected hosts: those with high-speed, always-on network connectivity.'' \cite[page9]{sill02}. + +%fixme: hikernet Additionally does \masqmail\ make it easy to run an \MTA\ on workstations or notebooks. There is no need to do complex configuration or to be a mail server expert. Only a handful of options need to be set; the host name, the local networks, and one route for relaying are sufficient in most times. %fixme: is that true? -Probably users say it best. In this case \person{Derek Broughton}: +Probably users say it best; in this case \person{Derek Broughton}: \begin{quote} No kidding. The whole point is that you \_have\_ to have an \MTA\ and you don't want to configure Postfix/Exim/Sendmail/Qmail (almost all of which I've actually done). -I now use masqmail - it's really simple, my configuration is all in debconf, +I now use masqmail -- it's really simple, my configuration is all in debconf, it's supported by whereami, and it's really simple :-) I'm sure you can make any \MTA\ behave nicely when offline, but it was a chore @@ -272,18 +299,17 @@ -Although development on \masqmail\ stopped in 2003 it still has its users. Having users is alone reason enough for further development and maintenance. This applies especially if the software covers a niche and if requirements for such software in general change. Both matches in \masqmail's case. +Although the development on \masqmail\ stopped in 2003 it still has its users. Having users is already reason enough for further development and maintenance. This applies especially when the software covers a niche and when requirements for such software in general changed. Both is the case for \masqmail. -It is difficult to get numbers about users of Free Software, because no one needs to tell anyone when he uses some software. \debian's \name{popcon} statistics \citeweb{popcon.debian} are a try to provided numbers. The statistics report 60 \masqmail\ installations of which 49 are in active use, for January 2009. If it is assumed that one third of all \debian\ users report their installed software\footnote{One third is a high guess as it means there would be only about 230 thousand \debian\ installations in total. But according to the \name{Linux Counter} \citeweb{counter.li.org} between 490 thousand and 12 million \debian\ users can be estimated.}, there would be in total around 150 active \masqmail\ installations in \debian. \name{Ubuntu} which also does \name{popcon} statistics \citeweb{popcon.ubuntu}, counts 82 installations with 13 active ones. If here also one third of all systems submit their data, 40 active installations can be added. Including a guessed amount of additional 30 installations on other \unix\ operating systems makes about 220 \masqmail\ installations in total. Of course one person may have \masqmail\ installed on more than one computer, but a total of 150 different users seems to be realistic. +It is difficult to get numbers about users of Free Software because no one needs to tell anyone when he uses some software. \debian's \name{popcon} statistics \citeweb{popcon.debian} are a try to provided numbers. For January 2009, the statistics report 60 \masqmail\ installations of which 49 are in active use. If it is assumed that one third of all \debian\ users report their installed software\footnote{One third is a high guess as it means there would be only about 230 thousand \debian\ installations in total. But according to the \name{Linux Counter} \citeweb{counter.li.org} between 490 thousand and 12 million \debian\ users can be estimated.}, there would be in total around 150 active \masqmail\ installations in \debian. \name{Ubuntu} which also does \name{popcon} statistics \citeweb{popcon.ubuntu}, counts 82 installations with 13 active ones. If here also one third of all systems submit their data, 40 active installations can be added. Including a guessed amount of additional 30 installations on other \unix\ operating systems makes about 220 \masqmail\ installations in total. Of course one person may have \masqmail\ installed on more than one computer, but a total of 150 different users seems to be realistic. %The increasing number of systems using \masqmail, as it is shown on the \name{popcon} graph \citeweb{popcon.debian:masqmail}, seems to be impressive in the beginning as \masqmail\ was not developed during that time. But it might come from the increasing popularity of \name{popcon} over the time. -One thing became a fact now: \masqmail\ has users. And software that is used should be developed and maintained. +One thing became clear now: \masqmail\ has users. And software that is used should be developed and maintained. % alternative: http://anfi.homeunix.org/sendmail/dialup10.html -%<< hikernet >> @@ -294,9 +320,9 @@ \section{Problems to solve} -A program, that no one has developed further for nearly six years, that is located in a field of operation that changed during that time, surely needs improvement. Security and spam have now highly increased importance compared to 2003. Dial-up connections became rare---broadband flat rates are common now. Other \MTA{}s evolved in respect to theses changes, \masqmail\ did not. +A program that was neglected for nearly six years in a field of operation that changed during this time surely needs improvement. Security and spam have highly increased in importance since 2003. Dial-up connections became rare, instead broadband flat rates are common now. Other \MTA{}s evolved in respect to theses changes---\masqmail\ did not. -The current and trends for a future market situation needs to be identified. Looks at other \MTA{}s need to be taken. And required work on \masqmail\ needs to be defined in combination with the evaluation of strategies to do this work. Finally a plan for further development should be created. +The current market situation and trends for the future need to be identified. Looks at other \MTA{}s need to be taken. Required work on \masqmail\ needs to be defined in combination with the evaluation of strategies to do this work. And a plan for further development should be created. @@ -304,9 +330,11 @@ \section{Delimitation} -This thesis is neither a installation guide for \masqmail\ nor a bit by bit explanation of \masqmail's source code. Installation and setup guides can be found on \masqmail's homepage \citeweb{masqmail:homepage}. +This thesis is neither a installation guide for \masqmail\ nor a detailed explanation of \masqmail's source code. Installation and setup guides can be found on \masqmail's homepage \citeweb{masqmail:homepage}. -Also not regarded is the \NAME{POP3} functionality of \masqmail. +The \NAME{POP3} functionality of \masqmail\ receives few regard in this document because it is not directly related to the core of \masqmail\ which is being an \MTA. +The \name{mserver} system to query the online state is also only mentioned but not regarded further. It seems best to move this functionality into a separate program which is run through the shell command interface, anyway. + diff -r 868e11810ac7 -r 63fb9fba6c77 thesis/tex/5-Improvements.tex --- a/thesis/tex/5-Improvements.tex Sat Jan 31 10:49:39 2009 +0100 +++ b/thesis/tex/5-Improvements.tex Sat Jan 31 10:50:02 2009 +0100 @@ -60,7 +60,7 @@ \begin{quote} %None of these add-ons is an ideal solution. They require additional code compiled into your existing daemons that may then require special write accesss to system files. They also require additional work for busy system administrators. If you cannot use any of the nonauthenticating alternatives mentioned earlier, or your business requirements demand that all of your users' mail pass through your system no matter where they are on the Internet, SASL is probably the solution that offers the most reliable and scalable method to authenticate users. None of these [authentication methods] is an ideal solution. They require additional code compiled into your existing daemons that may then require special write access to system files. They also require additional work for busy system administrators. If you cannot use any of the nonauthenticating alternatives mentioned earlier, or your business requirements demand that all of your users' mail pass through your system no matter where they are on the Internet, \NAME{SASL} is probably the solution that offers the most reliable and scalable method to authenticate users. -\hfill\cite[page 44]{dent04} +\hfill\cite[page~44]{dent04} \end{quote} These days is \NAME{SMTP-AUTH}---defined in \RFC\,2554---supported by most email clients. If encryption is used then even insecure authentication methods like \NAME{PLAIN} and \NAME{LOGIN} become secure.