On Friday, March 9 at 11:02 PM, quoth Sami Farin:
1. It requires mucking with qmail-smtpd.c unnecessarily.
What the hell is that supposed to mean?
Precisely what it says. The less modified qmail-smtpd.c is, the
happier I am. Of two solutions, one which requires modifying
qmail-smtpd.c and one which does not, I believe that the solution that
does not is superior to the one that does.
Plus, the more you modify the source, the more conflicts you have
between your patches (they're almost all based on unmodified source
code).
Of course you have to edit qmail-smtpd.c if you add that feature
into qmail-smtpd.c.
Which is precisely what I don't like about it.
2. It requires qmail-smtpd to rely on a resolver library.
Untrue. It can also use djb's dns library, just like rblsmtpd.
Wait, so you're telling me that by making qmail-smtpd rely on DJB's
resolver library, that somehow it is untrue that qmail-smtpd will rely
on a resolver library? Truly, your logic is mysterious.
Yes, rblsmtpd relies on a resolver library. The resolver library it
relies on is DJB's resolver library. If you make qmail-smtpd perform
rblsmtpd's task, it will also rely on a resolver library (unless you
plan on copying an entire resolver library into qmail-smtpd's code).
The library it relies on may indeed be the one written by DJB. Is
there something unclear about this relationship?
3. Blacklists must either be hardcoded, or require command-line
options (which requires more complex command-line parsing, which
will require hand-tuning to work well with your SMTP-AUTH patch),
or defined in yet-another-control-file.
And rblsmtpd does not "require command-line options"?
It even has a hardcoded, useless default RBL.
We're not talking about rblsmtpd, we're talking about qmail-smtpd. By
saying I do not recommend a particular solution involving modifying
qmail-smtpd, I am not implicitly endorsing rblsmtpd as the paragon of
perfection. It is not. Are you happy now?
And with rblsmtpd you have to use the same settings for every mailbox.
How lame is that?
And with rblsmtpd you ordinarily use blacklists. How lame is that?
Modifying qmail-smtpd to do rblsmtpd lookups when the client sends a
MAIL FROM command ALSO uses the same settings for every mailbox
(because, if you knew anything about SMTP, you'd know that at that
point there are no recipients). And assuming you feel like performing
your blacklist lookup only after RCPT TO commands, just what do you
propose to do about messages with multiple recipients, eh? And where
will you store your per-user configuration settings, a central
sysadmin-only config file, or a per-user user-definable config file?
Will you give qmail-smtpd sufficient permissions to read every user's
home directory for these configs (and thus subvert the entire qmail
security architecture), or will you also be linking in an SQL database
library to query? How bloated and ugly do you really like your email
software?
Here's another reason:
5. It requires giving qmail-smtpd permission to use the network.
Ordinarily, there is *no* reason to allow that and every reason to
forbid it (if you can, e.g. via iptables, AppArmor, or SELinux).
~Kyle
--
Science has proof without any certainty. Creationists have certainty
without any proof.
-- Ashley Montague