Shaun Savage writes: > > I am trying to add/make a new security policy for the courier mail server. > Sendmail is easy compared with qmail or courier. This will also be a good > learning experiance for me (and others) to go through the thinking behind > creating a security policy. I am not a courier expert, but I think > selinux and courier would be good togther. > > courier stuff > See http://www.nsa.gov/selinux/doc/policy/policy.html > I was think about at least three domains for smtp. One for the input > modules, one for submit/courierd, and one for the output modules. The > issues here are we want to isolate any IO modules from the queue AND > isolate any modules that have suid.
Oh, the IO modules certainly need to access the queue. That's where the messages are that must be sent. > What I need to know is which executable accesses what files/dirs? > What are the transitions, what modules call/execute what other modules? > A state diagram of the basic courier process would be great? http://www.courier-mta.org/queue.html is vaguely general. It shows most relationships, but not all (both courierdns and courierlocal, for example, run submit to inject bounces or forward mail). -- Sam _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
