Provided by: messagewall_1.0.8-3_i386
messagewall - a filtering SMTP proxy
When MessageWall starts, it begins listening on port 25 of listen_ip,
and opens up max_backends connections to backend_ip on port 25. It
accepts messages from SMTP clients on listen_ip, assigns them a
"profile" based on their envelope destination address and performs
filtering as specified in the "profile". If the message passes this
filtering, it is sent on to the backend for delivery. Refused messages
generate errors during the SMTP conversation itself; MessageWall never
generates bounce messages itself.
If the backend server becomes unavailable, MessageWall will issue
temporary errors to connecting clients. MessageWall never queues mail
MessageWall needs to bind to port 25 on listen_ip shortly after
starting, so it must be run as root. After binding this IP, it chroots
to the directory specified as root. It then drops its UID and GID to
user and group, respectively. It also drops supplemental groups.
Precautions are taken inside MessageWall at all points for safe string
and format handling to protect against buffer overflows. MessageWall
never launches any external programs, and only opens files inside its
chroot that were specified in the configuration file. It never opens
any files for writing.
max_clients and max_per_ip provide DoS protection to the greatest
extent possible in TCP.
Please report any security issues to <email@example.com>. While
we understand that all security researchers have their own disclosure
policies, we would appreciate 48 hours notice before public release of
an advisory, to give us time to develop and test appropriate fixes.
Ian Gulliver <firstname.lastname@example.org>