Mail Security Issues in LINUX

Source: Internet
Author: User
Today, the most widely used e-mail transmission protocol is the Simple Mail Transfer Protocol (SMTP). Every day, SMTP carries thousands of e-mail messages to all parts of the world.
  
An SMTP server follows a short procedure:

1. Receive the message.
2. Check the message address.
3. If the address is local, save the message for retrieval.
4. If the address is remote, forward the message.
  
An SMTP server works much like a packet router, except that what it routes is mail. Most SMTP servers can store and forward messages as needed.
  
An SMTP server raises security requirements on two different fronts:

Protecting the server itself against attack. The server must be hardened against external attacks; if such an attack succeeds, the attacker gains unauthorized access to your system.

Protecting the SMTP service from misuse, for example outsiders using your mail server to send forged mail and spam.

The second problem is the more troublesome one. Some people will use an unprotected SMTP server to relay thousands of advertisements to Internet mail accounts without a second thought, and if they use your machine, the load will saturate your network.
  
Unless you specify otherwise, Linux installs sendmail as your mail transfer agent. You can determine the sendmail version by connecting to port 25 with telnet. Example output:

    [jray@pointy jray]$ telnet virtuontooth.com 25
    Trying 24.93.119.226...
    Connected to ontooth.com.
    Escape character is
    220 pointy.pythontooth.com ESMTP Sendmail 8.9.3/8.9.3
    → Sat, 10 Jul 1999 16:27:14 -0400

Here we can see that pointy.pythontooth.com is running sendmail 8.9.3.
  
Intruders target sendmail mainly for three reasons:

Sendmail is a public service. Once it is running, anyone can connect to it and use it.

Sendmail usually runs as root, so if an attacker finds an exploitable vulnerability, the access gained carries the highest privilege.

Sendmail is very difficult to configure, and intruders assume (usually correctly) that your installation has problems.
The following are some typical sendmail attacks.

The first is the MIME buffer overflow vulnerability. This attack does not affect sendmail itself but the mail client that handles mail delivered through sendmail; here sendmail is the tool rather than the target. The Computer Emergency Response Team (CERT) described the attack as follows:

An attacker sends a specially crafted e-mail message to a vulnerable system. In some cases, code chosen by the attacker is executed on that system. Attackers can also crash the vulnerable mail program, and depending on the operating system the mail client runs on and the privileges of the affected client program, the whole system may crash. If a highly privileged user reads mail with a vulnerable mail user agent, the attacker can gain administrative access to the system.
  
Next, the HELO buffer overflow. In sendmail versions earlier than 8.9, an attacker can send an abnormally long string as the argument of the HELO command to disguise the address the connection came from. If an attacker sends at least 1024 bytes of "abc" after HELO, the message header looks like this:

    From attacker@attack.place.net Wed Feb 5 22:31:51 1998
    Received: from abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcab
    → abcabcabcabcabcabcabcabc
    Date: Wed, 5 Feb 1998 12:32:22 +0300
    From attacker@attack.place.net

The oversized string pushes out the information that would normally show the sender's IP address. Although this attack is not in itself dangerous, attackers can use it to relay spam and create mail that is hard to trace.
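A defender reviewing mail logs or spool files can flag this trick by checking the HELO argument recorded in each Received: header. The following is an added example, not code from the original article; it assumes a hostname cannot exceed 255 octets (the RFC 1035 limit) and uses constructed sample headers modelled on the fragment above.

```python
import re

# RFC 1035 caps a domain name at 255 octets, so a HELO argument longer than that
# cannot be a real hostname. The page's example uses a 1024-byte run of "abc".
MAX_HOSTNAME = 255
HOSTNAME_CHARS = re.compile(r"[A-Za-z0-9.\-\[\]:]+")  # letters, digits, dots, hyphens, [ip]

def unfold(raw):
    """Join RFC 822 continuation lines (starting with whitespace) onto the previous header."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

def suspicious_helo(raw):
    """Return (helo_name, length) for every Received: header whose 'from' argument
    is too long to be a hostname or contains characters a hostname cannot."""
    hits = []
    for line in unfold(raw):
        m = re.match(r"Received:\s+from\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue
        name = m.group(1)
        if len(name) > MAX_HOSTNAME or not HOSTNAME_CHARS.fullmatch(name):
            hits.append((name, len(name)))
    return hits

# Constructed samples modelled on the page's header fragment (not real captures):
# the attack header carries 1200 bytes of "abc" as the HELO argument.
BOGUS_HELO = "abc" * 400
SAMPLE_ATTACK = (
    "From attacker@attack.place.net Wed Feb 5 22:31:51 1998\n"
    "Received: from " + BOGUS_HELO + "\n"
    "\tby mail.example.invalid (8.9.3/8.9.3) with SMTP id AAA00001\n"
    "Date: Wed, 5 Feb 1998 12:32:22 +0300\n"
)
SAMPLE_NORMAL = (
    "Received: from relay.example.invalid (relay.example.invalid [192.0.2.7])\n"
    "\tby mail.example.invalid (8.9.3/8.9.3) with ESMTP id AAA00002\n"
    "Date: Wed, 5 Feb 1998 12:32:22 +0300\n"
)
```

Running `suspicious_helo` over a spool directory gives a quick list of messages whose HELO argument could never have been a legitimate hostname.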
  
There is also the password file / root access attack, which is more serious; it affects sendmail 8.8.4. A local user can use a hard link to obtain root access. The attack relies on sendmail saving undeliverable messages to /var/tmp/dead.letter.

Every user can write to /var/tmp, so a local attacker can create a hard link between /etc/passwd and /var/tmp/dead.letter and then send the sendmail server a message that cannot be delivered, placing in the message body a line that can be added to the password file as a user account.

When the message is marked undeliverable, it is appended to /var/tmp/dead.letter, and because /var/tmp/dead.letter is hard-linked to /etc/passwd the line lands in the password file. The result is a new system account with root privileges.
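The defence against this class of bug is to inspect the file actually opened, not the path, and refuse to write into anything that is a symlink, has more than one hard link, or is not a regular file. The following is an added example, not sendmail's own code; it reproduces the scenario in a temporary directory, with a constructed file named passwd standing in for /etc/passwd.

```python
import os
import stat
import tempfile

class UnsafeTargetError(Exception):
    """The save target is a symlink, has extra hard links, or is not a regular file."""

def safe_append(path, data):
    """Append data to path only if it is an ordinary file with exactly one link.
    A hard link to /etc/passwd has st_nlink == 2, so the write is refused instead
    of landing in the password file. fstat() runs on the opened descriptor, so the
    file cannot be swapped between the check and the write."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise UnsafeTargetError(f"{path}: nlink={st.st_nlink}, refusing to write")
        return os.write(fd, data)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: 'passwd' stands in for /etc/passwd and 'dead.letter'
    is the attacker's hard link to it. Returns (clean_write_ok, linked_write_refused)."""
    with tempfile.TemporaryDirectory() as d:
        passwd = os.path.join(d, "passwd")
        original = "root:x:0:0:root:/root:/bin/sh\n"
        with open(passwd, "w") as f:
            f.write(original)
        dead = os.path.join(d, "dead.letter")
        os.link(passwd, dead)  # the hard link from the page's scenario
        body = b"undeliverable message body\n"
        refused = False
        try:
            safe_append(dead, body)
        except UnsafeTargetError:
            refused = True
        with open(passwd) as f:
            untouched = f.read() == original
        clean = os.path.join(d, "dead2.letter")
        written = safe_append(clean, body) == len(body)
        return written, refused and untouched

if __name__ == "__main__":
    print(demo())  # (True, True)
```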
  
As a prominent and heavily used server, sendmail is a frequent target. The most recent attack method concentrates on a vulnerability in sendmail's header parsing code: by sending messages with a very large number of To: headers, an attacker can bring the server to a halt. It works against sendmail 8.9.2 and earlier, so even a recently installed sendmail is affected.