Email Server Software

In a typical FTP session, the user is sitting in front of one host (the local host) and wants to transfer files to or from a remote host. In order for the user to access the remote account, the user must provide a user identification and a password. After providing this authorization information, the user can transfer files from the local file system to the remote file system and vice versa. The user interacts with FTP through an FTP user agent. The user first provides the hostname of the remote host, causing the FI’P client process in the local host to establish a TCP connection with the FTP server process in the remote host. The user then provides the user identification and password, which an sent over the TCP connection as part of FTP commands. Once the server has authorized the user, the user copies one or more files stored in the local file system into the remote tile system (or vice versa).

HTTP and FTP are both file transfer protocols and have many common characteristics; for example, they both run on top of TCP. However, the two application-layer protocols have some important differences. The most striking difference is that FTP uses two parallel TCP connections to transfer a file, a control connection and a data connection. The control connection is used for sending control information between the two hosts–information such as user identification, password, commands to change remote directory,-and commands to “put” and “get” files. The data connection is used to actually send a file, Because FTP uses a separate control connection, FTP is said to send its control information out-of-band. We’ll see that the RTSP protocol, which is used for controlling the transfer of continuous media such as audio and video, also sends its control information out-of-band. HTI’P, as you recall, sends request and response header lines into the same TCP connection that carries the transferred file itself. For this reason, HTTP is said to send its control information In-band. In the next section we’ll see that SMTP, the main protocol for electronic mail, also sends control information in-band.

When a user start p )9P session with a remote host, the client side of FTP (user) first initiates a control TCP connection with the server side (remote host) on server port number 21. The client side of F1′P sends the user identification and password over this control connection. The client side of FTP also sends, over the control connection, commands to change the remote directory. When the server side receives a command for a file transfer over the control connection (either to, or from, the remote host), the server side Initiates TCP data connection to the client side? FTP send exactly one file over the data connection and then closes the data connection If, during the same session the user wants to transfer another file FTP open another data connection. Thus, with FTP, the control connection remains open throughout the duration of the user session, but a new data connection is created for each file transferred within a session (that is. the data connections arc non-persistent).

Throughout a session, the FTP server must maintain state about the user In particular, the server must associate the control connection with a specific user account, and the server must keep track of the user’s current directory as the user wanders i put the remote directory tree. Keeping track of this state information for each ongoing user session significantly constrains the total number of sessions that FTP? can maintain simultaneously. Recall that HTTP, on the other hand , is stateless–it does not have to keep track of any user state.

Bookmark It

Hide Sites

Providing security against email related threats has become a burden for most IT professionals in 2006. According to a recent study by Postini, spam and email viruses now make up to 80% of all emails sent out as compared to 50% in 2000. As a result, IT professionals now face a tougher challenge in providing network security for this amount of spam. IT professionals also have the disadvantage of defending against new forms of email threats such as spam zombies, directory harvest attacks, mass mailing trojans, as well as the latest email virus.

In this article, I have listed the seven most effective spam fighting tips for organizations with in-house mail servers. These seven tips are proven techniques I have used for my customers, partners and associates who wish to tighten their perimeter (network) security.

Firewall:
A firewall is your first line of defense against hackers, crackers, and spammers. Without a firewall, your network is a disaster waiting to happen and could give any novice hacker free reign over your network. If your organization has multiple Internet users, this tool is essential for securing your network.

Block Port 25:
On your firewall, allow outbound traffic on TCP port 25 for all mail servers. Block traffic on outbound TCP port 25 for all other computers and servers. On the Internet, TCP port 25 is used for email traffic through SMTP (Simple Mail Transport Protocol). Blocking this port is a good security practice and prevents mass mailing worms and spam zombies from sending mail from your users’ computers.

Managed Email Filtering:
Consider using a managed filtering solution such as Postini, Brightmail, or SpamSoap. Managed Email Filtering services quarantine spam, viruses, and email threats before reaching the email servers on your network. In comparison to desktop filters and server appliances, managed filtering services provide superior perimeter (network) protection by preventing delivery of spam and viruses to your network and servers.

Check Relay Setting:
A mail server’s relay setting controls which computers and servers are able to send SMTP email on your organization’s behalf. Check your settings and limit the IP address range to email users on your local network. Some mail servers have settings to limit email relay through authentication. If authentication-based relay is available, setup and configure it too. NOTE: If the relay is not set properly, spammers will be able to send email from your mail server. This exploit is commonly known as an “Open Relay” or a “Spam Relay.” Use the Open Relay test at http://www.abuse.net/relay.htm to check if spammers can relay mail from your server.

Black Lists:
Setup your mail server(s) with a black list. A black list (black hole list) is a database or listing of known spam sources. Most modern email servers can be configured to query inbound email against online blacklists. Messages originating from these sources can then be blocked. I recommend configuring your email server with SpamHaus blacklist. Spamhaus.org is an excellent free service to use. Some other good blacklists are DBSL and SpamCop.

Reverse DNS:
Reverse DNS (rDNS) associates an IP Address with a Domain Name. Most mail servers, as an anti-spam feature, often use a reverse DNS lookup to compare an email address domain name with its IP address. If the IP address found from the rDNS lookup does not match the domain name, it is probably spam. If you haven’t done so, setup and configure reverse DNS records on your DNS server.

Anti-Virus Scan:
There are many tools that provide adequate anti-virus protection for desktops at the workplace. Most anti-virus software is good at detecting viral threats that proliferate email spam such as mass mailing worms, trojans, and directory harvesters. Large organizations might want to use enterprise anti-spam software with management and monitoring tools that will allow tracking of network virus outbreaks.

Recommended Links:
- http://www.spam-x.com [Postini service - managed filtering, 1 to 500 users]
- http://www.postini.com [Postini service - managed filtering, 500+ users]
- http://www.spamhaus.org [Blacklist]
- http://www.dbsl.org [Blacklist]
- http://www.spamcop.net [Blacklist]
- http://www.abuse.net/relay.htm [Open relay test]
- http://www.dnsreport.com [DNS report/open relay test]
- http://www.dnsstuff.com [Spam database lookup and open relay test]
- http://www.cnn.com/2004/TECH/ptech/02/17/spam.zombies.ap [Spam Zombie Article]

Email viruses and related threats delivered through spam have cost businesses billions of dollars in expenses and lost productivity. Each spam email sent or received from your domain costs your organization money and bandwidth. By implementing these seven tips, your organization can reduce spam and recover costs.

This article: © Copyright 2006 Todd Green and free for republishing.

Bookmark It

Hide Sites

We have just learned that network processes communicate with each other by sending messages into sockets. But how are these messages structured? What are the meanings of the various fields in the messages? When do the processes send the messages? These questions bring us into the realm of application-layer protocols. An application-layer protocol defines how an application’s processes, running on different end systems, pass messages to each other. In particular, an application-layer protocol defines:

Some application-layer protocols are specified in RFCs and are therefore in the public domain. For example, the Web’s application-layer protocol, HTTP (the Hyper Text Transfer Protocol (RFC 2616]), is available as an REC. If a browser developer follows the rules of the HTTP RFC, the browser will be able to retrieve Web pages from any Web server that has also followed the rules of the HTTP RFC.

Many other application-layer protocols are proprietary and intentionally not available in the public domain. For example, many existing P2P file-sharing systems use proprietary application-layer protocols.

It is important to distinguish between network applications and application- layer protocols. An application-layer protocol is only one piece of a network application. Let’s look at a couple of examples. The Web is a client-server application that allows users to obtain documents from Web servers on demand. The Web application consists of many components, including a standard for document formats (that is, HTML), Web browsers (for example, Firefox and Microsoft Internet Explorer), Web servers (for example, Apache and Microsoft servers), and an application-layer protocol. The Web’s application-layer protocol, H’I’ defines the format and sequence of the messages that are passed between browser and Web server. Thus, HTTP is only one piece (albeit, an important piece) of the Web application. As another example, an Internet e-mail application also has many components, including mail servers that house user mailboxes; mail readers that allow users to read and create messages; a standard for defining the structure of an e-mail message; and application-layer protocols that define how messages are passed between servers, how messages are passed between servers and mail readers, and how the contents of certain parts of the mail message (for example, a mail message header) are to be interpreted. The principal application-layer protocol for electronic mail is SMTP (Simple Mail Transfer Protocol) [RFC 2821]. Thus, e-mail’s principal application-layer protocol, SMTP, is only one piece (albeit, an important piece) of the e-mail application.

Bookmark It

Hide Sites

Email encryption is a term that refers to the encryption as well as the authentication of email or electronic mail messages. Most commonly, email encryption is designed to rely on what is known as public key cryptography. There are a number of popular protocols that are used for the purpose of email encryption, the most notable of which are mail session encryption, identity based encryption, Open PGP encryption, TLS encryption and S/MIME encryption.
- Mail Session Encryption – This involves using a STARTTLS SMTP extension, which is a TLS layer that is on top of an SMTP connection. It is capable of protecting mail traffic from being sniffed while it is being transmitted, but this does not actually involve encrypting the actual email because the content inside the email messages is capable of being revealed to, and thusly tampered with, by the email relays that are involved. The encryption, then, actually occurs between the individual SMTP relays rather than between the individual sender and recipient. When both of the relays offer support for STARTTLS, then it is capable of being used regardless of whether or not another protocol is being used to encrypt the contents of the email.
- Identity Based Encryption is a form of public key cryptography that is designed and implemented to use unique information regarding the identity of the user such as their email address as the public key. The public key may also be a text value such as the domain name or name or its associated IP address for example.
- Open PGP – PGP stands for Pretty Good Privacy, and Open PGP is a computer program designed to provide cryptographic privacy as well as authentication. It is often utilized for the purpose of signing, decrypting or encrypting emails in order to increase the level of security for email communication.
- TLS – TLS stands for Transport Layer Security, and it is the successor to Secure Sockets Layer or SSL. These are cryptographic protocols designed to provide data integrity and security for network communications such as through the internet. There are a number of different versions of these protocols that see wide spread use including web browsing, internet faxing, electronic mail, VoIP and instant messaging.
- S/MIME – S/MIME is an acronym that stands for Secure Multipurpose Internet Mail Extensions, and this is a standard that is used for signing email and public key encryption of email that is encapsulated in MIME.
A Private Email Network , PEN is a secure pathway that employs highly effective encryption, without requiring complex programs, certificates or servers. Secure messages use existing e-mail address and can be created and read in any systems. Email2 is a business communication platform that enables security for your organization and creates a Private Email Network
Each of these email encryption protocols, mail session encryption, identity based encryption, Open PGP encryption, TLS encryption and S/MIME encryption are used for different purposes and some apply not only to email encryption but also to other types of encryption including internet browsing and instant messaging encryption depending on the method and mode of communication.

Bookmark It

Hide Sites