
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
251
Chapter 9
CHAPTER 9
Securing Internet
Email
Like DNS, email’s importance and ubiquity make it a prime target for vandals,
thieves, and pranksters. Common types of email abuse include the following:
• Eavesdropping confidential data sent via email
• “Mail-bombing” people with bogus messages that fill up their mailboxes or
crash their email servers
• Sending messages with forged sender addresses to impersonate someone else
• Propagating viruses
• Starting chain letters (hoaxes)
• Hijacking the email server itself to launch other types of attacks
• Sending unsolicited commercial email (UCE), a.k.a. “spam”
The scope and severity of these threats are not helped by the complexity of running
Internet email services, including both Mail Transfer Agents (MTAs) and Mail Deliv-
ery Agents (MDAs). Email administration requires a working understanding of the
Simple Mail Transfer Protocol (SMTP) plus your MDA protocol of choice (typically
IMAP or POP3), as well as a mastery of your MTA and MDA applications of choice.
There really aren’t any shortcuts around either requirement (although some MTAs
and MDAs are easier to master than others).
There are a number of MTAs in common use. Sendmail is the oldest and tradition-
ally the most popular. Postfix is a more modular, simpler, and more secure alterna- ...