Re: [EXIM] 1 incoming/1 outgoing considered more safe ?

Top Page
Delete this message
Reply to this message
Author: Anand Buddhdev
Date:  
To: Adrian Phillips
CC: exim-users
Subject: Re: [EXIM] 1 incoming/1 outgoing considered more safe ?
On Wed, Feb 10, 1999 at 08:33:42PM +0100, Adrian Phillips wrote:

The problem with running a mail system as single server is that if a remote
attacker manages to break in, he may be able to gain the privileges of the
user running the mail daemon. This is how sendmail got broken into numerous
times. It would be running as root, and a stupid hole in it would give root
access to a cracker. These days, most people run their mailer daemon as a
non-privileged user, eg. sendmail often runs as user "sendmail" and for
exim, people create a user called "exim". This can still be a problem,
because in the event of a break-in, the attacker still has all the rights
of that user, and they may still be able to do some damage, depending on
how much access that "non-privileged" user has.

Other mail systems take another approach, and partition the system into
little modules, each of which runs as a differnet user. an example is
qmail. Here, the smtp daemon runs as user qmaild, the sending daemon runs
as qmails and the delivery agent runs with the privileges of the user being
delivered to. A user managing to break one part of the system will not be
able to do much with the other parts.

Finally, you can have a SERVER for incoming mail, but for outgoing mail you
would have an smtp CLIENT, not server. Since you are doing a project, you
should be careful to distinguish between these 2 terms carefully.

> Good day,
>
>     We've just started an email project at work and a comment that
>     came from out internet connector (I don't know whether provider is
>     quite the correct way to put it in our case) is that having a
>     seperate incoming and a separate outgoing SMTP server is better
>     security wise.

>
>     Now is this a very sendmail centric problem or would you consider
>     this a wise idea no matter what ? Thinking in terms of how exim
>     can work, with one daemon listening on port 25 and a cron job
>     running exim every so often to send out messages or having exim
>     run a seperate runner process using -q, this problem may be
>     completely irrelevant to exim, but having used smail and then exim
>     for the last cuople of years I cannot say what the differences are
>     between sendmail and exim, and exactly what problems could occur
>     with a combined incoming/outgoing server ?


--
Anand
System Administrator
Africa Online Ltd
http://www.anand.org

--
*** Exim information can be found at http://www.exim.org/ ***