Completing the MTA trilogy is Postfix, developed by Wietse Venema, who brought us other proven security packages (SATAN, TCP Wrappers). The Postfix project is at a much earlier stage than Sendmail and Qmail, and as of the writing of this book, Wietse still calls the shipping version Beta. In fact, releases are tagged with snapshot numbers (dates, really), rather than real (major.minor) version numbers.
Postfix is even more modular and simpler to configure than Qmail, and it appears to outperform most other MTAs in use today in the number of messages that it can handle per unit of time. At the current growth rate in deployed installations, I expect that Postfix will be a strong challenger to both Sendmail and Qmail in the near future.
Postfix includes some critical security features:
Principle of Least Privilege Most Postfix processes, including the SMTP client and the SMTP server, run at fixed low privilege in a chroot environment, which means that they are only aware of a limited section of the filesystem (a sandbox of sorts).
Process Insulation Most Postfix processes are decoupled and insulated from one another, such that a vulnerability in one of them would be contained and not easily spread to the security-sensitive parts of the system, such as the local mail delivery daemon.
Process Ownership None of the Postfix processes run under the ownership on the invoking user. Instead, they are owned by a daemon user with no parent-child relationship to the user process.
Setuid No Postfix process runs with setuid permissions.
Large Inputs Postfix developers have designed the system in order to be resilient to buffer overflows in the presence of unusually large SMTP input commands.
You can find more information on the Postfix project at www.postfix.org.
Up until now, this chapter has focused the discussion on MTA applications. The next section shifts the focus to the security issues associated with mail retrieval protocols, which are used by MUAs to fetch messages from a waiting queue in the mail server. Let's start by looking at the Post Office Protocol (POP), and continue by examining the Internet Mail Access Protocol (IMAP).
Was this article helpful?