PureMessage for UNIX: protection against security vulnerabilities
To protect against security vulnerabilities, the PureMessage policy engine runs as a separate, unprivileged process. Sendmail communicates with the engine via a socket or named pipe using the Milter protocol. Because the PureMessage engine doesn't need to run with any special privileges, you can avoid a large class of security vulnerabilities.
When the engine and sendmail run on the same system, you can use a named pipe for communication between sendmail and the PureMessage filter. This configuration provides excellent control over who can 'talk' to the engine. When you use a socket, the PureMessage engine should only accept connections on particular network interfaces, such as localhost, or a network interface that connects to the local network. The default setting only accepts connections from localhost, thus avoiding the other large class of security vulnerabilities, denial-of-service attacks.
If you need more information or guidance, then please contact technical support.
- Article ID: 10172
- Created: 16 Dec 2003
- Last updated: 29 Jun 2006
