Author: Chagui
Source: 21XO
SendMail, as a free mail server software, has been widely used in servers of various operating systems on the Internet. such as: Solaris,hpux,aix,irix,linux and so on. With the spread of the Internet, the chances of the mail server being attacked are also greatly increased. Currently, there are two types of attacks on Internet mail servers: one is relay use (Relay), where a remote machine sends a message through your server so that anyone can use your server to send e-mail to any address, and over time, your machine is not only an accomplice to sending spam, It will also increase your network's international traffic, and may be rejected by many mail servers on the Internet. Another type of attack called spam (Spam), which is often referred to as a mail bomb, is that the server may receive a large amount of unwanted mail in a very short time, causing the mail server to become overwhelmed and paralyzed. Both of these attacks can cause the mail server to not function properly. Therefore as a campus network mail server to prevent mail attacks will be indispensable.
Currently, there are two ways to block mail attacks for SendMail mail servers. One is to upgrade the high version of the Server software, leveraging the security features of the software itself. The second is the use of Third-party software, such as dynamic relay validation control function to achieve. The following is an example of SendMail V8.9.3 to describe these methods.
1. Server's own security features
(1) Security Considerations when compiling SendMail
To take advantage of the SendMail 8.9.3 block mail attack feature, you must set up the relevant parameters at system compile time and use the relevant software packages. At present, the main use of the Berkeley DB database functions, Berkeley DB package can be downloaded from the relevant site, and need to compile well beforehand. The relevant parameters of Berkeley DB are then written into the SendMail file.
A. Modifying the Site.config.m4 file
Add the compiled Berkeley DB-related library file path to the Site.config.m4 file so that SendMail can use the Berkeley DB database after compiling. For example:
#cd $/sendmail-8.9.3/buidtools/site
modifying SITE.CONFIG.M4 files
Define (Confincdirs,-i/usr/local/berkeleydb/include)
Define (Conflibdirs, L/usr/local/berkeleydb/lib)
B. Modifying the SENDMAIL.MC file
SENDMAIL.MC is one of the template files that generate SENDMAIL.CF, and you need to define it in this file to make SendMail have an anti-mail attack capability. Mainly include the following:
......
FEATURE (Relay_entire_domain)
FEATURE (access_db) dn1
FEATURE (blacklist_recipients)
......
(2) The configuration of related files
Correctly compiling the sendmail is the basis of the security control of the mail server, and the real security settings are mainly used in the relevant documents. The files that contain the control statements are primarily access and relay-domains.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
