1.1 --- a/thesis/tex/0-preface.tex	Thu Jan 15 15:27:41 2009 +0100
     1.2 +++ b/thesis/tex/0-preface.tex	Thu Jan 15 15:44:31 2009 +0100
     1.3 @@ -14,9 +14,14 @@
     1.4  
     1.5  << have text by oliver here? >> %TODO
     1.6  
     1.7 +usage examples:
     1.8  
     1.9 +debian popcon stats
    1.10  
    1.11 -Audience:
    1.12 +<< hikernet >>
    1.13 +
    1.14 +
    1.15 +\subsubsection*{Audience}
    1.16  
    1.17  This document is targeted for \masqmail\ users and for people interested in mail systems in general.
    1.18  Security problems in electronic mail, \unix\ and the C programming language will also be discussed.

     2.1 --- a/thesis/tex/4-MasqmailsFuture.tex	Thu Jan 15 15:27:41 2009 +0100
     2.2 +++ b/thesis/tex/4-MasqmailsFuture.tex	Thu Jan 15 15:44:31 2009 +0100
     2.3 @@ -53,7 +53,7 @@
     2.4  	\begin{center}
     2.5  		\includegraphics[scale=0.75]{img/mta-channels.eps}
     2.6  	\end{center}
     2.7 -	\caption{Incoming and outgoing channels required}
     2.8 +	\caption{Required incoming and outgoing channels}
     2.9  	\label{fig:mta-channels}
    2.10  \end{figure}
    2.11  
    2.12 @@ -159,6 +159,7 @@
    2.13  
    2.14  \postfix\ for example has a \texttt{always\_bcc} feature, to send a copy of every outgoing mail to a definable recipient. At least this functionality should be given, although a more complete approach is preferable.
    2.15  
    2.16 +<< refer to SOX >> %fixme
    2.17  
    2.18  
    2.19  
    2.20 @@ -256,6 +257,7 @@
    2.21  
    2.22  Hence, aspiration for modularity, by compartmentalization, improves the overall quality and function of the software. It can be seen as an architectural requirement for a secure and modern \MTA.
    2.23  
    2.24 +%fixme: explain: why are compartments and interfaces so good?
    2.25  
    2.26  
    2.27  
    2.28 @@ -464,21 +466,7 @@
    2.29  
    2.30  \person{Wheeler}'s program \name{sloccount} calculates following estimations for \masqmail's code base as of version 0.2.21 (excluding library code):
    2.31  
    2.32 -\begin{quote}
    2.33 -{\footnotesize
    2.34 -\begin{verbatim}
    2.35 -Total Physical Source Lines of Code (SLOC)                = 9,041
    2.36 -Development Effort Estimate, Person-Years (Person-Months) = 2.02 (24.22)
    2.37 - (Basic COCOMO model, Person-Months = 2.4 * (KSLOC**1.05))
    2.38 -Schedule Estimate, Years (Months)                         = 0.70 (8.39)
    2.39 - (Basic COCOMO model, Months = 2.5 * (person-months**0.38))
    2.40 -Estimated Average Number of Developers (Effort/Schedule)  = 2.89
    2.41 -Total Estimated Cost to Develop                           = $ 272,690
    2.42 - (average salary = $56,286/year, overhead = 2.40).
    2.43 -SLOCCount, Copyright (C) 2001-2004 David A. Wheeler
    2.44 -\end{verbatim}
    2.45 -}
    2.46 -\end{quote}
    2.47 +\codeinput{input/masqmail-sloccount.txt}
    2.48  
    2.49  The development cost is not relevant for a \freesw\ project with volunteer developers, but the development time is. About 24 man-months are estimated. The current code base was written almost completely by \person{Oliver Kurth} within four years, in his spare time. This means he needed around twice as much time. Of course, he programmed as a volunteer developer, not as employee with eight work-hours per day.
    2.50  

     3.1 --- a/thesis/tex/5-Improvements.tex	Thu Jan 15 15:27:41 2009 +0100
     3.2 +++ b/thesis/tex/5-Improvements.tex	Thu Jan 15 15:44:31 2009 +0100
     3.3 @@ -62,11 +62,13 @@
     3.4  Several ways to restrict access are available. The most simple one is restrictiction by the \NAME{IP} address. No extra complexity is added this way, but static \NAME{IP} addresses are mandatory. This kind of restriction may be enabled using the operating system's \path{hosts.allow} and \path{hosts.deny} files. To allow only connections to port 25 from localhost or the local network \texttt{192.168.100.0/24} insert the line ``\texttt{25: ALL}'' into \path{hosts.deny} and ``\texttt{25: 127.0.0.1, 192.168.100.}'' into \path{hosts.allow}.
     3.5  
     3.6  If static access restriction is not possible, for example if mail from locations with changing \NAME{IP} addresses wants to be accepted, some kind of authentication mechanism is required. Three common kinds exist:
     3.7 +
     3.8  \begin{enumerate}
     3.9  	\item \SMTP-after-\NAME{POP}: uses authenication on the \NAME{POP} protocol to permit incoming \SMTP\ connections for a limited time afterwards.
    3.10  	\item \SMTP authentication: is an extension to \SMTP. Authentication can be requested before mail is accepted.
    3.11  	\item Certificates: confirm the identity of someone.
    3.12  \end{enumerate}
    3.13 +
    3.14  The first mechanism requires a \NAME{POP} (or \NAME{IMAP}) server running on the same host (or a trusted one), to enable the \SMTP\ server to use the login dates on the \NAME{POP} server. This is a common practice used by mail service providers, but is not adequate for the environments \masqmail\ is designed for.
    3.15  
    3.16  Certificate based authentication, like provided by \NAME{TLS}, suffers from the overhead of certificate management. But \NAME{TLS} provides encryption too, so is useful anyway.
    3.17 @@ -78,6 +80,8 @@
    3.18  \hfill\cite[page 44]{dent04}
    3.19  \end{quote}
    3.20  
    3.21 +
    3.22 +Compare static with dynamic authentication: pros and cons; usecases: when to use what; how could this be covered by architecture (e.g. smtp submission).
    3.23  %either by
    3.24  %- network/ip address
    3.25  %	easiest: restricting by static IP addresses (Access control via hosts.allow/hosts.deny)
    3.26 @@ -96,9 +100,20 @@
    3.27  
    3.28  split masqmail into two instances
    3.29  
    3.30 +\begin{verbatim}
    3.31 +     +--------+ ext ||||| int +--------+
    3.32 +---> |stripped|---> inter --->|normal  |
    3.33 +     |masqmail|     pos       |masqmail|
    3.34 +     +--------+     |||||     +--------+
    3.35 +\end{verbatim}
    3.36  
    3.37  
    3.38  
    3.39 +\subsection{Spam and malware handling}
    3.40 +
    3.41 +discuss the MTA->scanner->MTA approach
    3.42 +
    3.43 +
    3.44  
    3.45  \subsection{Bug fixes}
    3.46  
    3.47 @@ -173,6 +188,9 @@
    3.48  \sendmail, \exim, \qmail, and \masqmail\ all use at least two files to store one message in the queue: one file contains the message body, another the envelope and header information. The one containing the mail body is not modified at all. \postfix\ takes a different approach in storing queued messages in an internal format within one file. \person{Finch} takes yet another different approach in suggesting to store the whole queue in one single file with pointers to separating positions \cite{finchFIXME}.
    3.49  %fixme: check, cite, and think about
    3.50  
    3.51 +%fixme: discuss: filesystem vs. database
    3.52 +
    3.53 +%fixme: what about the ``rule of repair''?
    3.54  
    3.55  
    3.56  \subsubsection*{Sanitize mail}