smapd and provider

smapd and provider

Post by Brice Rut » Mon, 14 Feb 2000 04:00:00



Greetings Olivier.

Here's the theory:

When protecting your computer from unwanted access (cracking) you want to know
_for sure_ that the daemons you are running are /secure/.  Well, the larger the
daemon, the less possible it is to guarantee that you've taken care of all
buffer overruns, and whatever other attack a script-kiddie can come up with.
Sendmail is a _/huge/_ program.  We're talkin' _monstrous_.  Obviously very
difficult to protect against attacks (they've done an admirable job, despite
the amount of code).  So - to protect your system, you run smapd, this handles
the incoming connections and stores the mail file so that sendmail can take
care of it.  It handles relay control (e.g. stopping people from using your
server to spam) and it takes care of people tryin' to crack your machine.
smapd is relatively small (maybe 200 or so lines of code) and this code has
been darn near guaranteed to be crack-free.  So, people run smapd to protect
their sendmail system.

smapd is NOT an outgoing proxy in the sense that you have http proxies and
such.  If you're not running a sendmail server, you do _not_ need smapd.  Your
provider might, but that's their problem, dig it?

Regards,
Brice


> I set up a POP3 proxy server on a linux server with pop3gwd.
> Now I want to install a SMTP proxy server for my users to be able to send
> mails.
> Squid doesn't do that so I was advised to use smap and smapd from TIS.

> The documentation doesn't talk about the way I do to enter the IP address of
> the SMTP server of my internet provider.
> Does it happen in the netperm-table file ?
> Do I need to modify the sendmail.conf ?

> I would be very grateful if someone could explain me th process to do.

--
+--+
"The use of COBOL cripples the mind; its teaching should,
therefore, be regarded as a criminal offense."
-- E. W. Dijkstra (1982)
 
 
 

smapd and provider

Post by Olivier Thoma » Tue, 15 Feb 2000 04:00:00


I set up a POP3 proxy server on a linux server with pop3gwd.
Now I want to install a SMTP proxy server for my users to be able to send
mails.
Squid doesn't do that so I was advised to use smap and smapd from TIS.

The documentation doesn't talk about the way I do to enter the IP address of
the SMTP server of my internet provider.
Does it happen in the netperm-table file ?
Do I need to modify the sendmail.conf ?

I would be very grateful if someone could explain me th process to do.

 
 
 

smapd and provider

Post by Olivier Thoma » Tue, 15 Feb 2000 04:00:00


Thanks for your help Brice.
After reading you I tried to launch the sendmail daemon. However I didn't
manage to send emails from my clients that don't have a recognized IP
address by my provider. My provider gave me 8 IP addresses. If one of these
addresses tries to send a mail via the linux machine that runs sendmail, it
works. However if I try to send an email from a non-recognized IP-address,
it fails. That's why I need a SMTP proxy. I couldn't find in the sendmail
documentation the lines I need to modify in my sendmail.cf file.
Do you have (or anyone else) any suggestions ?

Thanks a lot,
Olivier.

-----Original Message-----

Brice Ruth
Sent: Monday, February 14, 2000 12:21 PM
To: Olivier Thomas
Subject: Re: smapd and provider

Greetings Olivier.

Here's the theory:

When protecting your computer from unwanted access (cracking) you want to
know
_for sure_ that the daemons you are running are /secure/.  Well, the larger
the
daemon, the less possible it is to guarantee that you've taken care of all
buffer overruns, and whatever other attack a script-kiddie can come up with.
Sendmail is a _/huge/_ program.  We're talkin' _monstrous_.  Obviously very
difficult to protect against attacks (they've done an admirable job, despite
the amount of code).  So - to protect your system, you run smapd, this
handles
the incoming connections and stores the mail file so that sendmail can take
care of it.  It handles relay control (e.g. stopping people from using your
server to spam) and it takes care of people tryin' to crack your machine.
smapd is relatively small (maybe 200 or so lines of code) and this code has
been darn near guaranteed to be crack-free.  So, people run smapd to protect
their sendmail system.

smapd is NOT an outgoing proxy in the sense that you have http proxies and
such.  If you're not running a sendmail server, you do _not_ need smapd.
Your
provider might, but that's their problem, dig it?

Regards,
Brice


> I set up a POP3 proxy server on a linux server with pop3gwd.
> Now I want to install a SMTP proxy server for my users to be able to send
> mails.
> Squid doesn't do that so I was advised to use smap and smapd from TIS.

> The documentation doesn't talk about the way I do to enter the IP address
of
> the SMTP server of my internet provider.
> Does it happen in the netperm-table file ?
> Do I need to modify the sendmail.conf ?

> I would be very grateful if someone could explain me th process to do.

--
+--+
"The use of COBOL cripples the mind; its teaching should,
therefore, be regarded as a criminal offense."
-- E. W. Dijkstra (1982)