Conclusion

Email systems that provide email-relaying services to end users can be secured in a number of ways. Among the methods are POP before SMTP, tunneling SMTP via a TLS channel, and SMTP AUTH/STARTTLS. We chose to cover SMTP AUTH/STARTTLS because it has wide support among email clients and servers and is relatively easy to implement on the covered MTAs.

The basis for implementing SMTP AUTH/STARTLS for Sendmail and Postfix is the Cyrus SASL library. Although there are a number of front-end mechanisms, we decided to cover only the LOGIN and PLAIN front-end mechanisms because they are supported in the most modern email clients. In order to get full end-to-end encryption, TLS must be used. qmail support for SMTP AUTH/STARTTLS is provided by ...

Get Slamming Spam: A Guide for System Administrators now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.