In this book you'll learn the technology underlying secure e-mail systems,
from the protocols involved to the open source software packages used to
implement e-mail security. This book explains the secure MIME (S/MIME) protocol
and how it is used to protect data transmitted across the Internet. It also
explains the concepts crucial to stopping spam messages using the three most
popular open source mail packages--sendmail, qmail, and postfix. It presents
detailed configurations showing how to avoid accepting messages from known open
relays and how to filter known spam messages. Advanced security topics are also
covered, such as how to install and implement virus scanning software on the
mail server, how to use SMTP authentication software, and how to use the SSL
protocol to secure POP, IMAP, and WebMail servers.
Table of Contents
I. E-MAIL PRINCIPLES.
1. E-mail Basics.
Unix E-mail Systems. E-mail Protocols. E-mail
SMTP Description. Extended SMTP. Message
Description of the Post Office Protocol. POP3
Authentication Methods. POP3 Client Commands. Open Source POP3 Implementations.
Description of the Interactive Message Access
Protocol. IMAP Authentication Methods. IMAP Client Protocol. Open Source IMAP
The Uuencode Program. MIME and Binary Data.
S/MIME. Open Source MIME Packages. MIME with PGP. Summary.
6. Reading E-mail Headers.
Decoding Forged E-mail Headers. Using DNS
Programs to Track E-mail Hosts. Using External Spam Services. Summary.
II. SERVER SECURITY.
7. Securing the UNIX Server.
Monitoring Log Files. Preventing Network
Attacks. Blocking Network Access to the Server. Detecting Break-ins. Summary.
8. The sendmail E-mail Package.
What Is sendmail? Configuring sendmail. Using
the m4 Preprocessor. The sendmail Command Line. Installing sendmail. Securing
9. The qmail E-mail Package.
What Is qmail? Control Files. Downloading and
Compiling the qmail Source Code. Configuring qmail. Using the qmail sendmail
Wrapper. Receiving SMTP Messages. qmail and Security. Summary.
10. The Postfix E-mail Package.
What Is Postfix? Downloading and Compiling
Postfix. Configuring Postfix. Starting Postfix. Postfix and Security. Summary.
11. Preventing Open Relays.
Open and Selective Relaying. Configuring
Selective Relaying. Avoiding Open Relays. Summary.
12. Blocking Spam.
Methods Used to Block Spam. Implementing Spam
13. Filtering Viruses.
Methods Used to Block Viruses. Implementing
Virus Filtering. Implementing Virus Scanning. Summary.
III. E-MAIL SERVICE SECURITY.
14. Using E-mail Firewalls.
The SMTP VRFY and EXPN Commands. Disabling the
VRFY and EXPN Commands. Using an E-mail Firewall. Creating an E-mail Firewall.
15. Using SASL.
What Is SASL? The Cyrus-SASL Library.
Implementing SASL. Testing the SASL Server. Summary.
16. Secure POP3 and IMAP Servers.
The SSL Family of Protocols. The OpenSSL
Package. Using UW IMAP with SSL. Summary.
17. Secure Webmail Servers.
What Is Webmail? The TWIG Webmail Server. The
MySQL Database. The Apache Web Server with PHP Support. Installing the TWIG
Webmail Server. Summary.