Open Source E-mail Security

Rich Blum has worked for the past 13 years as a network and systems administrator for the U.S. Department of Defense at the Defense Finance and Accounting Service. There he has been using Unix operating systems as an FTP server, TFTP server, e-mail server, mail list server, and network monitoring device in a large networking environment. Rich currently serves on the board of directors for Traders Point Christian Schools and is active on the computer support team at the school, helping to support a Microsoft network in the classrooms and computer lab of a small K-8 school. Rich has a bachelors of science degree in electrical engineering, and a masters of science degree in management, specializing in Management Information Systems, both from Purdue University. When Rich is not being a computer nerd, he is either playing electric bass for the church worship band or spending time with his wife, Barbara, and two daughters, Katie Jane and Jessica.

Introduction.
I. E-MAIL PRINCIPLES.

1. E-mail Basics.


Unix E-mail Systems. E-mail Protocols. E-mail Security. Summary.

2. SMTP.


SMTP Description. Extended SMTP. Message Formats. Summary.

3. POP3.


Description of the Post Office Protocol. POP3 Authentication Methods. POP3 Client Commands. Open Source POP3 Implementations. Summary.

4. IMAP.


Description of the Interactive Message Access Protocol. IMAP Authentication Methods. IMAP Client Protocol. Open Source IMAP Implementations. Summary.

5. MIME.


The Uuencode Program. MIME and Binary Data. S/MIME. Open Source MIME Packages. MIME with PGP. Summary.

6. Reading E-mail Headers.


Decoding Forged E-mail Headers. Using DNS Programs to Track E-mail Hosts. Using External Spam Services. Summary.

II. SERVER SECURITY.

7. Securing the UNIX Server.


Monitoring Log Files. Preventing Network Attacks. Blocking Network Access to the Server. Detecting Break-ins. Summary.

8. The sendmail E-mail Package.


What Is sendmail? Configuring sendmail. Using the m4 Preprocessor. The sendmail Command Line. Installing sendmail. Securing sendmail. Summary.

9. The qmail E-mail Package.


What Is qmail? Control Files. Downloading and Compiling the qmail Source Code. Configuring qmail. Using the qmail sendmail Wrapper. Receiving SMTP Messages. qmail and Security. Summary.

10. The Postfix E-mail Package.


What Is Postfix? Downloading and Compiling Postfix. Configuring Postfix. Starting Postfix. Postfix and Security. Summary.

11. Preventing Open Relays.


Open and Selective Relaying. Configuring Selective Relaying. Avoiding Open Relays. Summary.

12. Blocking Spam.


Methods Used to Block Spam. Implementing Spam Blocking. Summary.

13. Filtering Viruses.


Methods Used to Block Viruses. Implementing Virus Filtering. Implementing Virus Scanning. Summary.

III. E-MAIL SERVICE SECURITY.

14. Using E-mail Firewalls.


The SMTP VRFY and EXPN Commands. Disabling the VRFY and EXPN Commands. Using an E-mail Firewall. Creating an E-mail Firewall. Summary.

15. Using SASL.


What Is SASL? The Cyrus-SASL Library. Implementing SASL. Testing the SASL Server. Summary.

16. Secure POP3 and IMAP Servers.


The SSL Family of Protocols. The OpenSSL Package. Using UW IMAP with SSL. Summary.

17. Secure Webmail Servers.


What Is Webmail? The TWIG Webmail Server. The MySQL Database. The Apache Web Server with PHP Support. Installing the TWIG Webmail Server. Summary.