Re: Bug#155576: To hack or not to hack
On Thu, Aug 08, 2002 at 09:53:32AM +1000, Brian May wrote:
> On Wed, Aug 07, 2002 at 07:34:32PM -0400, Matt Zimmerman wrote:
> > It is still sent from one program to another, of course, but it is done over
> > a pipe, rather than over a TCP connection. This eliminates an entire class
> > of bothersome problems, such as network security and access control, and
> > should also perform better.
>
> You realize of course, that only connections from localhost are accepted,
> seeing it only binds to localhost (or this is a bug otherwise)?
Yes, but a network socket is still a network socket. Given a pipeline,
there is no way for unprivileged users on the system to access it. However,
it is quite easy for any user to connect to a daemon bound to localhost. So
it has to contend with potentially hostile users connecting directly to it,
and stressing its SMTP implementation, while the pipeline version can trust
the MTA.
> The rationale, IMHO is:
>
> - easier to maintain for up-to-date MTAs.
The configuration looks about the same in terms of complexity; I suppose it
could be easier if one switches MTAs, because the amavisd side of the
configuration should not need to change.
> - no need for MTA to execute separate program that pipes data to
> amavisd and receives result.
>
> - faster performance as a result of the above.
>
> - distributed setup.
These seem valid, but most mail systems have relatively low volume, and are
not concerned with performance.
--
- mdz
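
Added example, not part of the original message: a small audit of the point made above, that a daemon bound to localhost is still reachable by every local account. It lists TCP listeners on loopback from `/proc/net/tcp` together with the owning uid. The sample rows, port numbers and uid are constructed, and a little-endian Linux host is assumed.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp format (little-endian host assumed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2728 00000000:0000 0A 00000000:00000000 00:00000000 00000000   110        0 20111 1 0000000000000000 100 0 0 10 0
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20112 1 0000000000000000 100 0 0 10 0
   2: 0100007F:2728 0100007F:C350 01 00000000:00000000 00:00000000 00000000   110        0 20113 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # kernel state code for a listening socket


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted-quad, port)."""
    hex_ip, hex_port = field.split(":")
    # The address is a host-order 32-bit value; "<I" assumes little-endian.
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def loopback_listeners(text):
    """Return listening IPv4 sockets bound to a loopback address."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue  # malformed row, or not in LISTEN state
        ip, port = decode_addr(cols[1])
        if ipaddress.ip_address(ip).is_loopback:
            found.append({"ip": ip, "port": port, "uid": int(cols[7])})
    return found


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample off Linux
    for s in loopback_listeners(table):
        print(f"{s['ip']}:{s['port']} owned by uid {s['uid']}: "
              "reachable by any local user, must authenticate peers itself")
```

Each listener reported here has to treat its input as untrusted, whereas a filter fed over a pipe by the MTA does not appear in this table at all.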