LESSON 10

Date: 4/9/2009

Email Basics

Linux for Engineering and IT applications

Steps to Protect Email Server on the Internet

Allow email relay only to authorzed hosts/subnets/domains.

If users need to send email from untrusted subnets, set SMTP AUTH and protect connections with SSL.

For IMAP/POP3 connections from untrusted networks, enable IMAPS/POP3S (tcp/993 and tcp/995).

Implement Postfix ant-spam configuration in /etc/postfix/main.cf:


header_checks = regexp:/etc/postfix/bad_headers

In /etc/postfix/bad_headers:


/^Subject: Mortgage Low Rates / REJECT
/^(From|Received):.prodigy\.net/ REJECT

Reject "non-fully qualified host names" and "non qualified domains" (unresolvable by DNS):


smtpd_helo_required = yes
smtpd_helo_restrictions = reject_non_fqdn_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain

Implement Virus and SPAM filtering software, for example, ClamAV and Spamassassin.

Reference on How To Install Postfix, Amavis, ClamAV, and Spamassassin.

Basic Steps of Email Transaction
Composing and Sending Email
Email Envelope and Headers
Popular Unix SMTP servers
IMAP and POP servers
Example of POP3 session
Example of IMAP session
SMTP and DNS
Basic Postfix Settings
Open Relay
Relaying e-mail to the outside of NAT
Steps to Protect Email Server on the Internet
Practical Exercises
Take me to the Course Website