Skip to Main Content
Postfix: The Definitive Guide
book

Postfix: The Definitive Guide

by Kyle D. Dent
December 2003
Beginner content levelBeginner
278 pages
10h 47m
English
O'Reilly Media, Inc.
Content preview from Postfix: The Definitive Guide

Postfix Security

Email systems are necessarily exposed to possible attacks because their function requires that they accept data from untrusted systems. The challenge is to build systems that are resistant to attack, and any good security strategy includes multiple layers of protection. This is particularly true for public systems in a potentially hostile environment. Postfix takes a proactive and multilayered approach to security. The Postfix architecture limits the severity of vulnerabilities, even if there are design or coding errors that might otherwise create major vulnerabilities in a monolithic privileged program.

Modular Design

The modular architecture of Postfix forms the basis for much of its security. Each Postfix process runs with the least amount of privilege necessary to get its particular job done. Many of Sendmail’s security problems were exacerbated because Sendmail ran as a privileged process most of the time. Postfix operates with the minimum privilege necessary to accomplish a particular task. Postfix processes that are not needed on a system can be turned off, making it impossible to exploit them. For example, a network firewall system that only relays mail and does not need local delivery can have all the Postfix components for local delivery turned off. Postfix processes are insulated from each other and depend very little on any interprocess communication. Each process determines for itself what it needs to know.

Shells and Processes

In most cases, the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux Cookbook, 2nd Edition

Linux Cookbook, 2nd Edition

Carla Schroder
Linux Under the Hood

Linux Under the Hood

Sander van Vugt
Kubernetes: Up and Running, 2nd Edition

Kubernetes: Up and Running, 2nd Edition

Brendan Burns, Joe Beda, Kelsey Hightower

Publisher Resources

ISBN: 0596002122Errata Page