# HG changeset patch # User meillo@marmaro.de # Date 1232030671 -3600 # Node ID 8a25b62624971a171b4fc48311b1325c38189587 # Parent ce4d5b39e554ef6bc3c283fb56e72248cfbe803e minor changes; added todos diff -r ce4d5b39e554 -r 8a25b6262497 thesis/tex/0-preface.tex --- a/thesis/tex/0-preface.tex Thu Jan 15 15:27:41 2009 +0100 +++ b/thesis/tex/0-preface.tex Thu Jan 15 15:44:31 2009 +0100 @@ -14,9 +14,14 @@ << have text by oliver here? >> %TODO +usage examples: +debian popcon stats -Audience: +<< hikernet >> + + +\subsubsection*{Audience} This document is targeted for \masqmail\ users and for people interested in mail systems in general. Security problems in electronic mail, \unix\ and the C programming language will also be discussed. diff -r ce4d5b39e554 -r 8a25b6262497 thesis/tex/4-MasqmailsFuture.tex --- a/thesis/tex/4-MasqmailsFuture.tex Thu Jan 15 15:27:41 2009 +0100 +++ b/thesis/tex/4-MasqmailsFuture.tex Thu Jan 15 15:44:31 2009 +0100 @@ -53,7 +53,7 @@ \begin{center} \includegraphics[scale=0.75]{img/mta-channels.eps} \end{center} - \caption{Incoming and outgoing channels required} + \caption{Required incoming and outgoing channels} \label{fig:mta-channels} \end{figure} @@ -159,6 +159,7 @@ \postfix\ for example has a \texttt{always\_bcc} feature, to send a copy of every outgoing mail to a definable recipient. At least this functionality should be given, although a more complete approach is preferable. +<< refer to SOX >> %fixme @@ -256,6 +257,7 @@ Hence, aspiration for modularity, by compartmentalization, improves the overall quality and function of the software. It can be seen as an architectural requirement for a secure and modern \MTA. +%fixme: explain: why are compartments and interfaces so good? @@ -464,21 +466,7 @@ \person{Wheeler}'s program \name{sloccount} calculates following estimations for \masqmail's code base as of version 0.2.21 (excluding library code): -\begin{quote} -{\footnotesize -\begin{verbatim} -Total Physical Source Lines of Code (SLOC) = 9,041 -Development Effort Estimate, Person-Years (Person-Months) = 2.02 (24.22) - (Basic COCOMO model, Person-Months = 2.4 * (KSLOC**1.05)) -Schedule Estimate, Years (Months) = 0.70 (8.39) - (Basic COCOMO model, Months = 2.5 * (person-months**0.38)) -Estimated Average Number of Developers (Effort/Schedule) = 2.89 -Total Estimated Cost to Develop = $ 272,690 - (average salary = $56,286/year, overhead = 2.40). -SLOCCount, Copyright (C) 2001-2004 David A. Wheeler -\end{verbatim} -} -\end{quote} +\codeinput{input/masqmail-sloccount.txt} The development cost is not relevant for a \freesw\ project with volunteer developers, but the development time is. About 24 man-months are estimated. The current code base was written almost completely by \person{Oliver Kurth} within four years, in his spare time. This means he needed around twice as much time. Of course, he programmed as a volunteer developer, not as employee with eight work-hours per day. diff -r ce4d5b39e554 -r 8a25b6262497 thesis/tex/5-Improvements.tex --- a/thesis/tex/5-Improvements.tex Thu Jan 15 15:27:41 2009 +0100 +++ b/thesis/tex/5-Improvements.tex Thu Jan 15 15:44:31 2009 +0100 @@ -62,11 +62,13 @@ Several ways to restrict access are available. The most simple one is restrictiction by the \NAME{IP} address. No extra complexity is added this way, but static \NAME{IP} addresses are mandatory. This kind of restriction may be enabled using the operating system's \path{hosts.allow} and \path{hosts.deny} files. To allow only connections to port 25 from localhost or the local network \texttt{192.168.100.0/24} insert the line ``\texttt{25: ALL}'' into \path{hosts.deny} and ``\texttt{25: 127.0.0.1, 192.168.100.}'' into \path{hosts.allow}. If static access restriction is not possible, for example if mail from locations with changing \NAME{IP} addresses wants to be accepted, some kind of authentication mechanism is required. Three common kinds exist: + \begin{enumerate} \item \SMTP-after-\NAME{POP}: uses authenication on the \NAME{POP} protocol to permit incoming \SMTP\ connections for a limited time afterwards. \item \SMTP authentication: is an extension to \SMTP. Authentication can be requested before mail is accepted. \item Certificates: confirm the identity of someone. \end{enumerate} + The first mechanism requires a \NAME{POP} (or \NAME{IMAP}) server running on the same host (or a trusted one), to enable the \SMTP\ server to use the login dates on the \NAME{POP} server. This is a common practice used by mail service providers, but is not adequate for the environments \masqmail\ is designed for. Certificate based authentication, like provided by \NAME{TLS}, suffers from the overhead of certificate management. But \NAME{TLS} provides encryption too, so is useful anyway. @@ -78,6 +80,8 @@ \hfill\cite[page 44]{dent04} \end{quote} + +Compare static with dynamic authentication: pros and cons; usecases: when to use what; how could this be covered by architecture (e.g. smtp submission). %either by %- network/ip address % easiest: restricting by static IP addresses (Access control via hosts.allow/hosts.deny) @@ -96,9 +100,20 @@ split masqmail into two instances +\begin{verbatim} + +--------+ ext ||||| int +--------+ +---> |stripped|---> inter --->|normal | + |masqmail| pos |masqmail| + +--------+ ||||| +--------+ +\end{verbatim} +\subsection{Spam and malware handling} + +discuss the MTA->scanner->MTA approach + + \subsection{Bug fixes} @@ -173,6 +188,9 @@ \sendmail, \exim, \qmail, and \masqmail\ all use at least two files to store one message in the queue: one file contains the message body, another the envelope and header information. The one containing the mail body is not modified at all. \postfix\ takes a different approach in storing queued messages in an internal format within one file. \person{Finch} takes yet another different approach in suggesting to store the whole queue in one single file with pointers to separating positions \cite{finchFIXME}. %fixme: check, cite, and think about +%fixme: discuss: filesystem vs. database + +%fixme: what about the ``rule of repair''? \subsubsection*{Sanitize mail}