Chapter 8 - Securing SMTP and POP3 Services

Abstract

Simple mail transfer protocol (SMTP) and post office protocol version 3 (POP3) together provide a complete e-mail service that allows users to send and retrieve mail. This chapter describes how to install and configure the SMTP and POP3 servers, highlighting the security options that each offers. The chapter also provides an account of connection controls that can limit the machines that can connect to a server and transport layer security for encryption message delivery and authentication mechanisms for the users. SMTP is the protocol used to deliver e-mail across the Internet. Each SMTP server uses a number of folders to hold its working files, and can be configured to accept mail for multiple domain name system (DNS) domains. By default, each SMTP server accepts mail for its default domain only. Additionally, only authenticated users are able to send mail out to nonlocal domains via the SMTP server. This chapter provides techniques to tweak these authentications. The POP3 protocol allows mail to be retrieved by a user from his or her individual mailbox. An SMTP server receives mail for a domain and passes it across to a POP3 server to be sorted into individual mailboxes. Users then connect to the POP3 server to view or retrieve their mail. The chapter also discusses the techniques used for configuring and securing the POP3 servers.Windows server 2003 provides e-mail services comprising both simple mail transfer protocol (SMTP) server, and a post office protocol version 3 (POP3). Together these provide a complete e-mail service that allows the users to send and retrieve mail. This chapter focuses on techniques used for configuring and installing SMTP and POP3 servers, highlighting the security features that they offer. When the SMTP service is installed, it creates an SMTP server called Default SMTP Virtual Server. For most organizations, this single SMTP server is sufficient. However, it is possible to create additional SMTP servers if required. Each SMTP server must bind to a separate Internet protocol (IP) address, or a unique transmission control protocol (TCP) port. The chapter illustrates the necessary conditions for installing multiple SMTP servers and provides step by step instruction for installation. By adding a local alias domain, each SMTP server can be configured to accept mail for multiple domain name system (DNS) domains. Additionally, a user can add remote domains that specify specific connection settings to be used when the SMTP server attempts to deliver mail to those domains. This chapter also provides steps by step instruction required for various types of SMTP configurations such as configuring SMTP to accept mail for an additional domain, send HELO command instead of EHLO command, forward all mail to smart host, and configuring SMTP server folders. It also discusses about SMTP virtual server security highlighting its uses and necessary configurations and settings required to make it secure. Finally the chapter describes all the major configuration options of POP3 focusing on securing the POP3 server.