MainInclusionReportDrac

Main Inclusion Report for drac

Drac stands for Dynamic Relay Authorization Control, which implements the Pop-Before-SMTP technique.

Requirements

  1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/d/drac; available for all supported architectures.

  2. Rationale:

    • Build dependency of dovecot in main.

  3. Security:

    • CVE entries: None

    • Secunia history: None

    • Daemons: rpc.dracd runs as root.
    • Network activity: dracd runs via portmap.
    • Any source code review performed: No, but the source code is very small (less than 1000 LOC).

  4. Quality assurance:

    • The daemon itself runs OOTB. However the MTA has to be configured to use the database maintained by dracd. Instructions for doing so are given in README.Debian (for postfix, exim and sendmail). The POP/IMAP servers also need to be setup to report login/logout information to the dracd daemon. That involves adding drac support to the daemons (dovecot has a plugin that implements drac).
    • Does the package ask any debconf questions higher than priority 'medium': No.

    • Debian bugs: nothing important.

    • Maintenance in Debian is calm.

    • http://mail.cc.umanitoba.ca/drac/ is calm.

    • Upstream bug tracker: None.

  5. Standards compliance:

    • FHS, Debian Policy compliance: yes.

    • Packaging system: debhelper. No patch system.

  6. Dependencies:

    • portmap, postfix | mail-transport-agent: all in main.

  7. Background information:

DRAC (Dynamic Relay Authorization Control) is a daemon that dynamically updates a relay authorization map for sendmail. It provides a way to allow legitimate users to relay mail through an SMTP server, while still preventing others from using it as a spam relay. User's IP addresses are added to the map immediately after they have authenticated to the POP or IMAP server. By default, map entries expire after 30 minutes, but can be renewed by additional authentication. Periodically checking mail on a POP server is sufficient to do this. The POP and SMTP servers can be on different hosts.

It's an implementation of the Pop-Before-SMTP technique.

Reviewers

Approved for Ubuntu main by Ian Jackson 30.8.07.

MainInclusionReportDrac (last edited 2008-08-06 16:32:28 by localhost)