Mail security issues in Linux

Source: Internet
Author: User
Keywords Linux mail Security SendMail
SMTP server Code of Practice: Incoming messages. Check the address of the message. If the address of the message is a local address, save the message for retrieval. If it is a remote address, forward the message. The SMTP server features the same as the packet router, except that the SMTP service is dedicated to mail. Most SMTP servers can store and forward messages as needed. The SMTP server has security requirements on two different tasks: Protect the server from being compromised. The server must be protected against external attacks, and if the external attack succeeds, the attacker can enter your system without authorization. Protect the SMTP service from incorrect use, such as using your email server to send fake mail and junk. The second problem is even more frightening. Some people use unprotected SMTP servers without hesitation to forward thousands of ads to Internet mail accounts. If they use your machine, they will overload the network. Unless specifically specified, Linux will be installed with SendMail as your message transfer agent. You can use Telnet to port 25来 to determine the version of SendMail. Examples of output results are as follows: [Jray@pointy Jray] $ telent poisontooth.com trying 24.93.119.226 ... Conneted to poisontooth.com. Escape character is a pointy. poisontooth.com ESMTP Sendmail 8.9.3/8.9.3→sat, June June 1999 16:27:14-0400 Here you can see Pointy.poisontooth.com is running sendmail/ 8.9.3. The intruder attacks the SendMail mainly because: SendMail is a public service, and once it runs, anyone can connect and use it. SendMail are normally run as root. Therefore, if an intruder discovers an exploitable vulnerability, it can gain high priority access rights. SendMail is very difficult to configure, so the intruder assumes that you will have problems with the installation (usually successful). Here are some typical sendmail attacks: The first is a MIME buffer overflow vulnerability. This attack does not affect the sendmail itself, but sendmail the customer who sent the message. Here, SendMail is a tool, not a goal. The Computer Emergency Response Team describes the attack in such a way that an attacker sends a specially crafted mail message to a vulnerable system, in which case the code chosen by the attacker is executed on the system. In addition, an attacker could be a fragile mail program that suddenly crashes. According to the Mail customer isIn the operating system and the user rights of the problematic mail client, the attack can crash the entire system. If a high authority user uses an vulnerable mail user agent to read the message, the attacker can gain administrative access to the system. Take a look at the helo buffer overflow. In earlier versions of sendmail8.9, an attacker could use the HELO command to route an abnormally long string to disguise its originating address. If an attacker sends a helo with at least 1024 bytes of ABC, the message header looks like this: from Attacker@attack.place.net Web modified 5 31:51 1998 Received:from ABCABCABCA BCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCAB→ABCABCABCABCABCABC date:wed, 5 modified 1998 12:32:22 +0300 from Attacker@attack.place.net an abnormal string hides information that should normally display the sender's IP address. This attack method, though not dangerous, can be exploited by an attacker to allow SendMail to forward mail spam and create messages that are difficult to track. There is also a password file/root access, which is a more terrible attack, it affects the sendmail8.8.4. Local users can use links to get root access. This attack method relies on SendMail to save undelivered messages after/var/tmp/dead.letter. All users can write to TMP, so local attackers can create a hard link between passwd and/var/tmp/dead.letter. Then send an undeliverable message to the SendMail server. In the message body, an attacker inserts a user account that can be added to the password file. When the message is marked as undeliverable, it is added to the/var/tmp/dead.letter and there is a hard link with passwd in/var/tmp/dead.letter. This results in the creation of a new system account with root privileges. SendMail as a prominent and frequently accessed server, is often the target of attack. A recent attack method focused on a vulnerability in the SendMail header parsing code. By creating a large number of messages to: headers, attackers can stop the server from running. This attack method is valid for sendmail8.9.2 and earlier versions, so even the recently installed SendMail is also affected. Executive Editor Zhao Zhaoyi#51Cto.com TEL: (010) 68476636-8001 to force (0 votes) is tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) The original text: Linux mail security issues back to the network security home

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.