Firewall Wizards mailing list archives
Re: FWTK and smap/smapd
From: Paul Robertson <proberts () patriot net>
Date: Wed, 17 Jul 2002 11:00:52 -0400 (EDT)
On Wed, 17 Jul 2002, Frederick M Avolio wrote:

> The real problem with something like smap/smapd is that it uses Sendmail at all. Remember Sendmail (postfix, et al) supports IT ALL. On an e-mail

[sometimes the moderator approves things so he can heckle ;)]

> gateway to the Internet, we don't (shouldn't) need that. We can make some assumptions, which simplify things considerably. And if we don't mind passing outbound e-mail to our ISP, things get even simpler. There's just no money in it. And of course given a choice of "secure-er" or faster we take faster.

While I agree generally with what you say, I'd like to point out the biggest advantage of Open Source - you can rip out massive amounts of code that isn't particularly necessary.

These days, if you're running a corporate gateway, you need *lots* of functionality for mail (mostly for blocking and rewriting) and a good deal of that needs to happen up-front (arguments as to if "up front" needs to be the firewall or not are not addressed in this memo[1].)

For at least one of the examples, it's relatively easy to rip out large amounts of non-essential code (by module, by function...) While you're still left with a lot more code than with something like smap - you get at least some assurance that you've taken away a lot of potential badness/inappropriateness.

Paul

[1] I abhor the "security is not addressed" RFC stuff.

-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation