From: "dalek" <wvdat_private>

> are some links and papers that deal with things like safely binding to
> a high port (25) and dropping privileges, safe email address parsing so
> as to exclude characters which might be used to redirect the mail or
> even launch programs on the machine running the MTA, etc....

It's OK to bind to a low port and then drop privs before accept() if you want to. Other methods involve the so-called capability to bind to a port - or port redirection tools so you are elsewhere anyway. Of course the more you cheat the less portable it is.

Communication between related processes is possible and useful in various ways - see e.g. programming books by W. Richard Stevens.

> 1) I don't want to write a monolithic single binary server that forks off
> parts of itself at different privilege levels to do different tasks. I don't
> know if it is even possible to exploit, but having ALL the functions to ALL the
> different tasks of the MTA in the same address space as the instance
> that accepts user input makes me uneasy.

I agree with this attitude. SubDomain is a useful way to restrict the programs that can be launched - even in the presence of programming errors.

> 3) I don't want to put the MTA binaries and configuration files in non
> traditionally unix directories (once again like qmail). Configurations go
> in /etc and binaries go into either /usr/local, /usr or /bin depending on
> the distro / flavour of unix you prefer.

Subdirectories of /etc have become normal in recent years. See /etc/mail, /etc/inet, /etc/ftpd for the first 3 to occur to me.

A whole MTA is a _lot_ of work and I'd go with the suggestion you've already had to look at Postfix.
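The pattern the reply recommends (bind the low port while still root, drop privileges, and only then call accept()), as an added example written for this archive page, not code from the thread. The loopback address and the uid/gid 65534 used in main() are assumptions; the verification step checks that root cannot be regained after the drop.

```c
/* Added example, not from the thread: bind the privileged port as root, drop
 * privileges, and only then accept(). Port 0 can be used to test without root. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a TCP socket bound to 127.0.0.1:port and listening; -1 on error. */
int bind_listen(int port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Port actually bound (needed when port 0 let the kernel choose). */
int bound_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    return getsockname(fd, (struct sockaddr *)&sa, &len) < 0 ? -1 : ntohs(sa.sin_port);
}

/* Permanently drop to uid/gid. Order matters: supplementary groups and gid
 * first, since after setuid() an unprivileged process cannot change them.
 * Returns 0 only if every step succeeded and root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    if (uid != 0 && setuid(0) != -1) return -1;   /* must fail once unprivileged */
    return 0;
}

int main(void) {
    int fd = bind_listen(25);                 /* low port: requires root */
    if (fd < 0) { perror("bind_listen"); return 1; }
    if (drop_privileges(65534, 65534) < 0) {  /* 65534: "nobody" on many systems (assumed) */
        perror("drop_privileges"); return 1;
    }
    printf("port %d open, now uid %d; accept() loop would run here\n", bound_port(fd), (int)getuid());
    return 0;
}
```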
This archive was generated by hypermail 2b30 : Thu Feb 28 2002 - 14:08:38 PST