On 26/02/2021 02:55, Viktor Dukhovni wrote:
> On Thu, Feb 25, 2021 at 11:39:19PM +0000, Allen Coates wrote:
>
>> It is an *ANCIENT* reference, but the but the O'Reilly book "Building
>> Internet
>> Firewalls" describes a simple program called smap.
>>
>> It runs without root privileges and ONLY accepts incoming SMTP connections,
>> dropping messages into a queue for processing by another program.
>> (Could this be the MAILDROP queue perhaps?)
>>
>> They say it is only 700 lines of code long, and is part of the TIS FWTK
>> (firewall toolkit)
>>
>> Just a random thought. . .
>
> Much too random, I'm afraid. I became a Postfix user/contributor back
> in 2001, because of all the deficiencies of smap, of which I fixed some
> at the time, but it got old fast.
>
> At this point, nobody should be deploying smap. Run the Postfix smtpd
> chrooted if you like (and know how to set up chroot jails correctly),
> but even without that, with Postfix you get a more secure and more
> performant MTA than "smap".
>
Fair Comment! I had no experience with the program, and it sounded like a good
idea on paper :-)
Allen C
