On Thu, Feb 25, 2021 at 11:39:19PM +0000, Allen Coates wrote:
> It is an *ANCIENT* reference, but the but the O'Reilly book "Building Internet
> Firewalls" describes a simple program called smap.
>
> It runs without root privileges and ONLY accepts incoming SMTP connections,
> dropping messages into a queue for processing by another program.
> (Could this be the MAILDROP queue perhaps?)
>
> They say it is only 700 lines of code long, and is part of the TIS FWTK
> (firewall toolkit)
>
> Just a random thought. . .
Much too random, I'm afraid. I became a Postfix user/contributor back
in 2001, because of all the deficiencies of smap, of which I fixed some
at the time, but it got old fast.
At this point, nobody should be deploying smap. Run the Postfix smtpd
chrooted if you like (and know how to set up chroot jails correctly),
but even without that, with Postfix you get a more secure and more
performant MTA than "smap".
--
Viktor.
