Article Title: Application tips: How to Prevent email servers from being abused. Linux is a technology channel of the IT lab in China. Some basic classification email servers, such as desktop applications, Linux system management, kernel research, embedded systems, and open source, play a very important role on the Internet. SMTP (Simple Mail Transfer Protocol) is a commonly used protocol for email transmission between computers on the Internet, sendmail is a widely used mail transmission agent in Unix systems that constitute the mail server. It complies with the SMTP protocol and provides powerful mail service functions, it can host email communication services for tens of thousands of users.
In the United States, Sendmail does not authenticate the identity of users when sending emails to users, which provides opportunities for advertisers or spam creators-anyone who wants to send emails, you can use any Sendmail server without authentication and "open relay" to send a large number of spam or ad mails to it. Although Sendmail versions 8.9.3 and later provide some function to restrict Email Forwarding, this can be restricted to some extent, however, it can only be restricted based on static IP addresses, email addresses, or domain names, so that legal users can only use the email server within a fixed IP address range, otherwise it will be rejected. This makes it inconvenient for users to use it. For example, if a user returns home from work or is on a business trip, he or she cannot use the work unit's email server to send emails, you cannot use the school email server to send emails when you leave school on holidays. However, if the email server is set to the open relay mode, the server forwarding function may be abused. This is a very conflicting issue and has long plagued the mail server administrator.
In order to prevent emails from becoming a transfer station for spam and be rejected by external email servers, in the past, many email server administrators had to choose the mail relay mode. Now, with the continuous update of the Sendmail software version, new features also emerge. The new version of Sendmail 8.12.5 mail server software can be used with the Cyrus-SASL (Simple Authentication and Security Layer) Identity Authentication Library to solve the identity Authentication problem for mail users. After the server has the authentication function, anyone who wants to send a letter through the mail server must first enter the user name and password for identity authentication.
The following describes how to compile and install the Cyrus-SASL Library and the Sendmail 8.12.5 software to enable the mail system to support the SMTP authentication function of SASL.
I. Environment
Operating System Platform: Solaris 2.7 or Linux 6.2 or higher
Software used: Cyrus-SASL 1.5.27 and Sendmail 8.12.5
II. Compile and install the Cyrus-SASL Library:
2. Unpack:
Tar xvfz cyrus-sasl-1.5.27.tar.gz
3. Compilation and installation:
Go to the cyrus-sasl-1.5.27 directory:
# Cd cyrus-sasl-1.5.27
Compilation Configuration:
#./Configure -- enable-login -- enable-plain
Because the SASL library does not support the use of some client software by default, some feature options need to be added when generating the configuration file. For details about what to add, run the following command:
#./Configure-help
For example, if "-- enable-login" is added because OutLook Expresss uses the LOGIN authentication method, SASL library does not support this method by default, so it is important to add it when generating the configuration file.
By default, all library functions are installed in the "/usr/local/lib" directory, however, the library functions used by Sendmail are in the "/usr/lib" directory, so some modifications are required. Modify the default path before running the configure script. Open the configure file and find the following line:
Ac_default_prefix =/usr/local
Changed:
Ac_default_prefix =/usr
Compile:
# Make
Installation:
# Make install
The SASL library is installed here (note that no error warning is displayed throughout the compilation and installation process ).
Next, you must set the Sendmail user authentication method. Because the system account and password are used for verification, you must go to "/usr/lib/Sendmail. conf file:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
