9.8. ResourcesThe following sources of information address not only security but also many other important aspects of SMTP and MTA configuration. 9.8.1. SMTP InformationRFC 2821, "Simple Mail Transfer Protocol." (ftp://ftp.isi.edu/in-notes/rfc2821.txt) Useful for making sense of mail logs, SMTP headers, etc. Shapiro, Gregory Neil. "Very brief introduction to create a CA and a CERT." (http://www.sendmail.org/~ca/email/other/cagregl) A bare-bones procedure for generating a Certificate Authority certificate, generating server/client certificates, and using the CA certificate to sign server and client certificates. Handy for people who want to use X.509 mechanisms such as STARTTLS without becoming X.509 gurus. 9.8.2. Sendmail InformationCostales, Bryan, with Eric Allman. sendmail, Sebastopol, CA: O'Reilly, 1997. The definitive guide to Sendmail. Chapters 19 and 34 are of particular interest, as they concern use of the m4 macros. Most of the rest of this weighty tome covers the ugly insides of sendmail.cf. Fennelly, Carole. "Setting up Sendmail on a Firewall, Part III." Unix Insider 06/01/1999 (http://www.itworld.com/Net/3314/swol-0699-security/) Excellent article on running Sendmail 8.9 and later in a chroot environment. Allman, Eric and Greg Shapiro. "Securing Sendmail." (http://www.sendmail.net/000705securitygeneral.shtml) Describes many built-in security features in Sendmail and offers security tips applicable to most Sendmail installations. Durham, Mark. "Securing Sendmail on Four Types of Systems." (http://www.sendmail.net/000710securitytaxonomy.shtml) Durham, Mark. "Using SMTP AUTH in Sendmail 8.10." (http://www.sendmail.net/usingsmtpauth.shtml) "Using New AntiSpam Features in Sendmail 8.10." (http://www.sendmail.net/810usingantispam.shtml) "SMTP STARTTLS in sendmail/Secure Switch." (http://www.sendmail.org/~ca/email/starttlsl) http://mail-abuse.com/services/mds-rbll Home of the Realtime Blackhole List, which is a list of known sources of UCE. 9.8.3. Postfix Informationhttp://www.postfix.org The definitive source for Postfix and its documentation. http://msgs.securepoint.com/postfix/ Archive site for the Postfix mailing list. Koetter, Patrick Ben. "Postfix SMTP AUTH (and TLS) HOWTO." (http://postfix.state-of-mind.de/patrick.koetter/smtpauth/) Dent, Kyle D. Postfix: The Definitive Guide. Sebastopol, CA: O'Reilly, 2003. Handy book on Postfix, reviewed and approved by Wietse Venema. 9.8.4. IMAP Informationhttp://asg.web.cmu.edu/cyrus/imapd/ Cyrus IMAP home page: source, documentation, etc. http://www.arrayservices.com/projects/Exchange-HOWTO/html/book1l The Exchange Replacement HOWTO, an excellent reference for using Cyrus Imap with LDAP http://www.courier-mta.org/imap/ Courier IMAP home page http://www.washington.edu/imap/ UW IMAP home page Mullet, Dianna, and Kevin Mullet. Managing IMAP. Sebastopol, CA: O'Reilly, 2000. Excellent book on IMAP server administration |