Re: FYI - IBM's open source secure MTA
Bill Frantz (frantz@communities.com)
Wed, 16 Dec 1998 13:36:17 -0800

At 12:19 PM 12/16/98 -0800, Jim McCoy wrote:
>Bill writes:
>>>NYT's Markoff reports on IBM's release today of
>>>"Secure Mailer,"
>[...]
>>It appears that "secure" in this case means mostly protection from common
>>denial of service attacks.
>
>
>This MTA is the one which had been called "vmailer" while in alpha tests.
>Wietse Venema was the creator of tcp_wrappers and several very good unix
>security tools. Secure in this case means separation of tasks through the
>use of agents which have limited capabilities (limiting what is run setuid)
>as well as the development of a smaller codebase which is easier to check
>for problems. Basically this is immune from all known SMTP attacks (DoS,
>attacks upon the MTA itself to compromise the host, etc.) and it takes steps
>to limit vulnerability to likely future attacks (buffer overflows, etc.)
>
>You seem to imply that this is not enough to qualify as "secure", so would
>you mind describing what characteristics you think a secure mail transfer
>agent needs? I can see to it that the suggestions get to Wietse for future
>additions to postfix.

Either I didn't express myself well, or Jim misunderstood. Protecting against denial of service attacks is hard. E, to its discredit, doesn't even try.

One reason I believe this agent may actually live up to claims made about it is Wietse Venema. I took a network security class he taught, and I was very impressed by his expertise.

The reason I put "secure" in quotes is because it means so many different things to different people. In the DaffE world, "secure" applies only partially to authentication. E fills the authentication holes and adds privacy. As far as I can tell, vmailer doesn't do either privacy or authentication, but it does do denial of service. (There has to be authentication for configuration changes, but it may be performed by the OS, and not vmailer.)