Table of Contents
- Title and Copyright Information
- Preface
- 1 Messaging Server Security Overview
- 2 Planning Messaging Server Security
- Protecting Messaging Components in Your Deployment
- Planning Messaging User Authentication
- Plain Text and Encrypted Password Login
- Authentication with Simple Authentication and Security Layer (SASL)
- Enabling Authenticated SMTP
- Certificate-based Authentication with Secure Sockets Layer (SSL)
- Client-based Authentication with Secure Sockets Layer (SSL)
- Third-Party Authentication Server Support
- Planning Message Encryption Strategies
- Planning a Messaging Server Anti-spam and Anti-virus Strategy
- 3 Performing a Secure Messaging Server Installation
- 4 Implementing Messaging Server Security
- Security Features
- Messaging Server Security Strategy for your Deployment
- Creating a Security Strategy
- Identifying Password Policy Requirements
- Verifying File Ownership for Configuration Files
- Securely Monitoring and Auditing Your Messaging Server Deployment
- Tracking Security Patches
- Identifying Legal-intercept Requirements
- Securing Your Archiving Needs
- Disabling Users in Response to Abuse/Appeal Process
- Utilizing a Disk Consumption Growth Plan
- Preventing Unrelated Usage of Messaging Server Hosts and Virtual Machines
- Determining Security Capabilities of Your Supported Mail Clients
- MTA Security Guidelines
- About Messaging Server Anti-spam and Anti-virus Solutions
- Creating a Narrow Scope of MTA Relay Blocking in INTERNAL_IP Mapping Table
- Using LMTP to Connect to Inbound MTAs and in Multi-tier Deployments
- Greylisting
- Forbidding Emailing Executable Code
- Using and Configuring MeterMaid for Access Control
- Using and Configuring memcache for Access Control
- Setting MTA Recipient Limits
- Using Sieve Securely
- Using the MTA to Fix Messages from Bad Clients
- Configuring Secure ETRN Command Support
- Storing BadGuy Details in Memcached Server
- ENS Security Guidelines
- Message Store Security Guidelines
- MMP Security Guidelines
- User Authentication Guidelines
- Message Encryption Guidelines
- Security Considerations for Developers
- 5 Using Role-Based Access Control
- 6 Protecting Against Email Spammers
- Overview of Email Spammers and Compromised User Accounts
- Preventing Outbound Spam: Proactive Methods
- Preventing Outbound Spam: Reactive Measures
- Setting Up a No Phishing Zone
- Recovering From Phishing Attacks That Have Compromised User Accounts
- Greylisting Webmail
- HTML Filtering in Convergence
- Domain Keys Identified Mail (DKIM)
- 7 Security and Access Control in Messaging Server
- About Server Security
- Configuring Authentication Mechanisms in Messaging Server
- Configuring Client Access to POP, IMAP, and HTTP Services
- Configuring Encryption and Certificate-Based Authentication
- User/Group Directory Lookups Over SSL
- 8 Certificate-Based Authentication for Messaging Server
- Introduction: SSL/TLS, Client Certificates and CRLs
- SSL/TLS Tools Available in Messaging Server Installer
- Certificate and Key Storage
- SSL/TLS Configuration
- SSL/TLS Tasks
- How to Create and Install a Self-signed CA Certificate and Key
- How to Create and Install a CA-signed Server Certificate and Key
- How to Create a CA-signed Client Certificate and Key
- How to Test a CA-signed Client Certificate and Key
- How to Create and Install a CRL for a Client Certificate
- How to Test a CRL for a Client Certificate
- How to Look Up Numeric SSL/TLS Error Codes
- Sample Protocol Sessions with Client Certificate Authentication
- SSL/TLS Best Practices
- Messaging Server and SSL/TLS: Known Limitations
- Administrative Proxy with a Certificate
- Proxy IMAP Authentication Limitations
- Proxy MMP (IMAP/POP/SMTP-Submission) Authentication Limitations
- Internal Protocols Lacking Support for SSL and/or Authentication
- Disabling Passwords-Over-SSL
- Hosting Multiple Domains with SSL
- CRL Updates and OCSP
- Time Delay for Updates to CRLs or New Certificates
- References
- 9 Configuring Messaging Server and Solaris Cryptographic Framework
- About the Solaris Cryptographic Framework
- Configuring Messaging Server for SSL
- Configuring Individual Messaging Processes for SSL
- Configuring the Solaris Cryptographic Framework (SCF)
- Setting Up the SCF Software Token Pin
- Administering the Cryptographic Framework by Using cryptoadm
- Configuring the SCF Provider
- Adding the Solaris Cryptographic Framework as a Service Provider
- Enabling the Slot Named Sun Metaslot
- Exporting the Certificate/Key Pairs From the NSS Soft Token
- Importing the Key/Certificate Pairs to the Sun Metaslot (SCF)
- Verifying the Successful Importation of the Certificate/Key Pairs
- Configuring Messaging Server to Use the External Token