Chapter 6. Building Secure Mail Servers

Laugh-a while you can, monkey-boy.

—Lord John Whorfin, The Adventures of Buckaroo Banzai Across the 8th Dimension

Providing mail service can mean several things. When a user clicks Send, the message must be transported from their system through intervening mail servers to the destination machine. Mail Transport Agents, or MTAs, are responsible for getting mail from point A to point B. Mail transport is the backbone of mail service.

Of course, mail transport is not the whole story. Once on the destination system, the Mail Delivery Agent, or MDA, is responsible for placing the mail message into a user’s inbox. No discussion of providing mail service can be complete without covering mail delivery.

Mail delivery is often taken for granted by users. From their perspective, mail consists of messages sitting in their inbox accessed through webmail or a mail client. We refer to such programs as Mail User Agents, or MUAs. These programs utilize mail access protocols like the Post Office Protocol (POP), the Internet Message Access Protocol (IMAP), and the Messaging Application Programming Interface (MAPI). Mail access is the third key component of mail service.

The single function of providing mail service is complex, but can be done in a secure fashion with a little planning and diligence. We begin by looking at risks associated with providing mail services. This motivates our discussion of mail architecture and subsequent software configuration ...
