[PLUG] How dangerous is handling my own mail?

Felix Lee felix.1 at canids.net
Tue Mar 30 15:06:01 UTC 2004


my instinct is that web servers are a lot more "dangerous" than
mail servers, and ideally any web server accessible by the world
should be outside your firewall.  if the web server just serves
static pages, then there's little risk, but few people want to
serve just static pages.  (and many of those people will still
use something like apache, which introduces a large amount of
complexity unrelated to static pages.)

mail servers are pretty innocuous these days.  after many
embarrassing security problems in sendmail (like the Morris Worm
in 1988), people in the 90s decided it would be a good idea to
design MTAs with a not-so-cuddly view of the internet and pay
careful attention to paranoiac security issues from the start, so
you have MTAs like postfix and qmail that have simple and robust
security models based on separation of privileges.

I think right now the main problem with mail servers is spam, and
sometimes DoS attacks.

... I'm just amused that the Morris Worm was a Big Deal, and it
motivated people to attack root causes of security problems.
it's 16 years later, there's a minor worm outbreak every week,
and people are spending an awful lot of energy on band-aids.