Internet e-Mail Servers (SMTP/POP3/IMAP4)

Besides the World Wide Web, the other major factor in the growth of the Internet has been electronic mail. E-mail allows users to send messages instantly to worldwide recipients without cost or delay. This has had a huge impact on business; almost every business worker has an e-mail address.

As computer networks grew in the early '90s, corporate e-mail became very common within companies. No longer did you have to print out memorandums and place them in the required physical mailboxes or pigeonholes. You could type a short memo and send it directly from your e-mail client to the intended recipients. The use of e-mail distribution lists allowed users to send one e-mail to multiple recipients, further improving the value of e-mail.

With the advent and growth of the Internet, more and more corporations connected their internal e-mail systems to the Internet and provided internal users with Internet e-mail addresses. This opened up the world for internal e-mail users, as they could now send a message to anyone who had a valid Internet address directly from their usual e-mail client installed on their workstation.

Internet e-mail systems use a combination of three application layer protocols that belong to the TCP/IP suite. These protocols are SMTP, POP3, and IMAP4, and they operate over TCP ports 25, 110, and 143 respectively.

  • Simple Mail Transfer Protocol (SMTP)— SMTP is an application layer protocol that operates over TCP port 25. SMTP is defined in RFC 821 and was originally modeled on FTP. SMTP transfers e-mail messages between systems and provides notification regarding incoming e-mail.

  • Post Office Protocol version 3 (POP3)— POP3 is an application layer protocol that operates over TCP port 110. POP3 is defined in RFC 1939 and is a protocol that allows workstations to access a mail drop dynamically on a server host. The typical use of POP3 is on the e-mail client, where the client retrieves messages that the e-mail server is holding for it.

  • Internet Message Access Protocol revision 4 (IMAP4)— IMAP4 is an application layer protocol that operates over TCP port 143. IMAP4 is defined in RFC 2060 and is a protocol that allows an e-mail client to access and manipulate e-mail messages that are stored on a server.

    IMAP4 adds a lot more functionality compared with POP3 and is the latest e-mail protocol to be devised. With IMAP4, you can manipulate and control remote e-mail accounts similar to the way you can with local mailboxes in Microsoft Exchange or a similar corporate e-mail client.

E-mail will continue to add to the growth of the Internet. New media-rich improvements to e-mail are occurring all the time. These improvements further enhance the benefit of e-mail, both to corporate and to home users.

Threats Posed to Internet e-Mail Servers

Internet e-mail systems can be attacked to deny service, or they can be misused if they are incorrectly configured.

One common misuse of Internet e-mail systems is spam. Spam is unsolicited bulk e-mail; the people who send it are known as spammers. Spammers usually send bulk e-mails promoting get-rich-quick schemes or advertising pornographic web sites. Spam is enabled if the e-mail server is running as an open relay. Various Internet groups, such as the Open Relay Behavior-modification System (ORBS, www.orbs.org), have emerged to crack down on server administrators who are running open relays, either intentionally or unintentionally.

Spam causes e-mail servers to become heavily loaded as they send out e-mails to sometimes thousands of recipients; this increases the load on the server and consumes bandwidth to the server.

Internet e-mail servers, like any other server, can be subject to the common DoS attacks. These attacks render the server unusable to the general public.

There are also application vulnerabilities relating to Internet e-mail servers. The common Microsoft Windows-based e-mail system is Microsoft Exchange, and the common UNIX-based e-mail system is Sendmail. Both of these applications have vulnerabilities associated with them. Recently, there has been a vulnerability with Microsoft IIS 4.0 where you could run a command such as CMD.EXE remotely over the Internet. A very simple FORMAT C: could then be carried out to format a drive on the server. Microsoft has recently fixed this with a service pack.

Solutions to the Threats to Internet e-Mail Servers

The provision of a firewall between the Internet e-mail server and the public network is the easiest way to reduce the threats to the Internet e-mail server. The firewall should be configured to restrict access to the specific ports used for e-mail communication—in this case, SMTP and POP3.

The operating system and e-mail application that are running on the server should both have the latest service and security patches. This ensures that any known vulnerabilities that exist within the operating system and application are addressed.

The e-mail service should be configured to disallow spam. There are various documents on how to do this, based on the e-mail server that you are running. Further information can be found at www.orbs.org.
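
The following added example (not from the original text or from any mail server's own code) models the decision a server makes at RCPT TO, which is what separates an open relay from a restricted one: mail for a non-local domain is accepted only from trusted clients. The domain example.com, the client addresses, and the reply texts are constructed for illustration; 192.168.0.0/24 is the inside network used in the PIX configuration later in this section.

```python
import ipaddress

# Constructed values: example.com is a placeholder mail domain, 192.168.0.0/24
# is the inside network from the PIX example, 203.0.113.x is a documentation range.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]
SESSIONS = [  # (client IP, RCPT TO argument), all constructed
    ("203.0.113.7", "<alice@example.com>"),    # inbound mail for a local user
    ("192.168.0.25", "<bob@example.net>"),     # inside client sending outbound
    ("203.0.113.7", "<carol@EXAMPLE.NET>"),    # outsider asking us to relay
    ("203.0.113.7", "<no-domain>"),            # malformed forward-path
]

def rcpt_domain(rcpt_to):
    """Return the lower-cased domain of an SMTP forward-path, or None if malformed."""
    local, sep, domain = rcpt_to.strip().strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else None

def is_trusted(client_ip):
    """True if the connecting client is inside a network allowed to relay."""
    return any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS)

def rcpt_reply(client_ip, rcpt_to, open_relay=False):
    """Reply code and text for RCPT TO; open_relay=True models the misconfiguration."""
    domain = rcpt_domain(rcpt_to)
    if domain is None:
        return 501, "Syntax error in recipient address"
    if domain in LOCAL_DOMAINS:
        return 250, "OK, local delivery"
    if open_relay or is_trusted(client_ip):
        return 250, "OK, will relay"
    return 550, "Relaying denied"

def third_party_relays(sessions, open_relay):
    """Sessions where an untrusted client was accepted for a non-local domain."""
    return [
        (ip, rcpt) for ip, rcpt in sessions
        if rcpt_reply(ip, rcpt, open_relay)[0] == 250
        and rcpt_domain(rcpt) not in LOCAL_DOMAINS
        and not is_trusted(ip)
    ]

if __name__ == "__main__":
    for label, flag in (("open relay", True), ("relay restricted", False)):
        print(label)
        for ip, rcpt in SESSIONS:
            print("  ", ip, rcpt, "->", *rcpt_reply(ip, rcpt, flag))
        print("   third-party relays:", third_party_relays(SESSIONS, flag))
```

With relaying restricted, inbound mail for local users and outbound mail from inside clients are still accepted; only the third-party relay request is refused.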

Configuration Recommendations for Internet e-Mail Servers

Using the Cisco Secure PIX Firewall, the following commands allow SMTP and POP3 traffic to the Internet e-mail server with an internal address of 192.168.0.11/24 and provide static translation to the public address of 194.73.134.11/24. This is based on Figure 11-3:

static (inside,outside) 194.73.134.11 192.168.0.11 netmask 255.255.255.255 0 0
conduit permit tcp host 194.73.134.11 eq smtp any
conduit permit tcp host 194.73.134.11 eq pop3 any
