“Though the virus alerts have vanished from the evening news,
Internet security remains a justifiably hot topic. Still, while
hype, myth, and hysteria abound, useful information seems to be in
short supply. Had enough of generalities? Time for something, um,
practical? We think so….”

“The key security issue for a mail administrator is pretty
clear: no one should be able to get special permissions or elevate
their privileges in any way via the mail system. Of course, there
are degrees of insecurity. The worst case, obviously, is for an
intruder to get root, but breaking into another system account or
an ordinary user account is also a problem. There are read, write,
and execute permissions to consider, too. Being able to read a file
as root is bad; being able to write a file as root is much
worse.”

“Denial of service should be hard. Out-and-out prevention is
essentially impossible: to provide a service is to provide an
opportunity for denial of service. But you can degrade gracefully
under attack, as opposed to simply going belly up. Ideally, you
also want to make forgery as difficult as possible – although,
regrettably, SMTP itself makes forgery trivial. You want to avoid
theft of service, aka spam. And you want to avoid information
leakage: just on general principle, you don’t want certain types of
information (about your configuration, about your users, about your
network) to get out.”