Sendmail, as free mail server software, is widely used on Internet servers running a variety of operating systems, such as Solaris, HP-UX, AIX, IRIX and Linux. As the Internet has spread, the chances of a mail server being attacked have also increased greatly.
There are currently two types of attack on Internet mail servers. The first is relay abuse (Relay): a remote machine sends messages through your server, so that anyone can use your server to send e-mail to any address. Over time, your machine not only becomes an accomplice in sending spam; it also increases your network's international traffic and may end up being rejected by many mail servers on the Internet. The second type of attack is called spam (Spam), often referred to as a mail bomb: the server receives a large amount of unwanted mail in a very short time, which overwhelms and paralyzes it. Both attacks can stop the mail server from functioning properly, so protection against mail attacks is indispensable for a campus network mail server.
There are two ways to block mail attacks on a Sendmail mail server. The first is to upgrade to a newer version of the server software and use the security features of the software itself. The second is to use third-party software, for example software that provides dynamic relay validation control. The following uses Sendmail V8.9.3 as an example to describe these methods.
1. Server's own security features
(1) Security Considerations when compiling SendMail
To take advantage of the mail attack blocking features of Sendmail 8.9.3, you must set the relevant parameters when the system is compiled and use the relevant software packages. At present this mainly relies on the Berkeley DB database functions. The Berkeley DB package can be downloaded from the relevant site and must be compiled beforehand. The relevant Berkeley DB parameters are then written into the Sendmail files.
A. Modify the site.config.m4 file
Add the paths of the compiled Berkeley DB include and library files to the site.config.m4 file so that Sendmail can use the Berkeley DB database once it is compiled. For example:
# cd $/sendmail-8.9.3/BuildTools/Site
Modify the site.config.m4 file:
define(`confINCDIRS', `-I/usr/local/berkeleydb/include')
define(`confLIBDIRS', `-L/usr/local/berkeleydb/lib')
B. Modify the sendmail.mc file
sendmail.mc is one of the template files from which sendmail.cf is generated. The following features must be defined in this file to give Sendmail its anti-mail-attack capability:
......
FEATURE(relay_entire_domain)
FEATURE(access_db)dnl
FEATURE(blacklist_recipients)
......
(2) The configuration of related files
Compiling Sendmail correctly is the basis of the mail server's security control, but the actual security settings are made mainly in the related files. The files that contain the control statements are primarily access and relay-domains.
access is the primary database file for message security control. In it you write the domain names, IP addresses or destination e-mail addresses that you want to control, together with the corresponding action values in a specific format, and then use the makemap command to generate the access.db file (# makemap hash access.db < access). For example:
spam.com REJECT
edu.cn OK
hotmail.com DISCARD
Here the REJECT action refuses to receive messages from the specified address, OK allows users at the specified address unrestricted access, RELAY allows the mail server to relay mail for the address, and DISCARD hands the received message over to special processing: for example, you can have the received message discarded, or have an error message returned to the user after the message is received, and so on.
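The access file format and action values described above, as an added example (not part of the original article and not Sendmail's own code): a small linter to run over the entries before makemap, plus a simplified model of how a sender host is matched against a domain key. The sample entries beyond the article's three are constructed, the numeric "550 ..." reply-code form is accepted in addition to the four actions the article names, and only domain keys are modelled (not IP or e-mail address keys).

```python
# Added example: lint access entries, then resolve the action for a host.
ACTIONS = {"OK", "RELAY", "REJECT", "DISCARD"}  # the four actions the article names
# Constructed sample: the first three entries are the article's, the rest exercise the checks.
SAMPLE_ACCESS = """\
spam.com      REJECT
edu.cn        OK
hotmail.com   DISCARD
bad.example   REJCT
orphan.example
spam.com      OK
bulk.example  550 mail refused
"""

def parse_access(text):
    """Return (table, errors); table maps lowercased key -> action."""
    table, errors = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) != 2:
            errors.append((n, "missing action"))
            continue
        key, word = parts[0].lower(), parts[1].split()[0]
        if word.upper() in ACTIONS:
            action = word.upper()
        elif len(word) == 3 and word.isdigit():
            action = parts[1].strip()  # SMTP reply code plus text
        else:
            errors.append((n, "unknown action " + word))
            continue
        if key in table:
            errors.append((n, "duplicate key " + key))
        else:
            table[key] = action
    return table, errors

def lookup(table, host):
    """Try the full host name, then each parent domain; None if no entry."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        action = table.get(".".join(labels[i:]))
        if action is not None:
            return action
    return None

if __name__ == "__main__":
    table, errors = parse_access(SAMPLE_ACCESS)
    print(errors, lookup(table, "mail.spam.com"))
```

A mistyped action or a second entry for the same key is the kind of error that silently changes which hosts are rejected, so it is worth catching before access.db is rebuilt.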
The relay-domains file lists the domains for which the server may relay, one domain per line. For example:
......
cn
edu
jp
......
It is recommended that all top-level domain names be added when the server is first put into use, and that the list then be modified as security requires. Otherwise POP3 users will receive a relay rejection error when sending a message and will be unable to send mail to destination addresses in domains that have not been added.