Re: [fw-wiz] FWTK and smap/smapd
From: Charles W. Swiger (chuck@codefab.com)
Date: 07/17/02
- Next message: Roger Marquis: "Re: [fw-wiz] FWTK and smap/smapd"
- Previous message: Paul Robertson: "Re: [fw-wiz] FWTK and smap/smapd"
- In reply to: Joseph S D Yao: "Re: [fw-wiz] FWTK and smap/smapd"
- Next in thread: ark@eltex.ru: "Re: [fw-wiz] FWTK and smap/smapd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Charles W. Swiger" <chuck@codefab.com> To: firewall-wizards@honor.icsalabs.com Date: Wed Jul 17 12:24:01 2002
On Wednesday, July 17, 2002, at 07:06 AM, Joseph S D Yao wrote:
> On Tue, Jul 16, 2002 at 06:02:49PM -0700, Russell Van Tassell wrote:
>>> (5) smap/smapd adds complexity to a mail server. Sendmail+smap/smapd
>>> is about as complex as you can get. Either qmail or Postfix is
>>> far, far simpler than sendmail alone, let alone
>>> sendmail+smap/smapd. Simple is good. It works better.
>
> By the same token, ANY of the MTAs is 'way to complex to TRUST as a
> mail proxy. Smap and smapd are sufficiently simple that I could read
> and grok them even after all the added cruft. Then use MTA of choice
> (and your choice may differ from mine) to deliver the mail.
Is smapd or smtpd significantly easier to audit, than say, zlib?
Also, what about ESMTP functionality, STARTTLS transport encryption, x509
certs for SMTP server-to-server authentication, extended status codes and
DSN's, SMTP pipelining, etc?
Some of that may not be needed by everyone, but encrypting email en route
and having a secure way of verifying remote SMTP hosts are who they claim
to be seems to be relevant. Supporting maximum message size via ESMTP's
SIZE= is also pretty important from the standpoint of efficiency.
>> Hmmm... sendmail, procmail, smrsh and smapd - along with some sort of
>> virus checker? ;-)
>
> I negelected to mention that the smap/smapd breakdown allows one to
> easily slip in virus checker of choice (AMaViS) and SPAM checker of
> choice (spamassassin). Or, perhaps better, put them in line AFTER
> 'smapd'.
Sure, but you can use any MTA capable of relaying to bounce mail through
spam filtering and/or virus checking, although some are easier to
configure than others. Milter works fine, for instance.
-Chuck
Chuck Swiger | chuck@codefab.com | All your packets are belong to
us.
-------------+-------------------+-----------------------------------
"The human race's favorite method for being in control of the facts
is to ignore them." -Celia Green
- Next message: Roger Marquis: "Re: [fw-wiz] FWTK and smap/smapd"
- Previous message: Paul Robertson: "Re: [fw-wiz] FWTK and smap/smapd"
- In reply to: Joseph S D Yao: "Re: [fw-wiz] FWTK and smap/smapd"
- Next in thread: ark@eltex.ru: "Re: [fw-wiz] FWTK and smap/smapd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
