Saturday, January 7, 2012

Mail Transport Protocols





Mail delivery from a client application to the server, and from an originating server to the destination server, is handled by the Simple Mail Transfer Protocol (SMTP).



 

SMTP

The primary purpose of SMTP is to transfer email between mail servers. However, it is critical for email clients as well. To send email, the client sends the message to an outgoing mail server, which in turn contacts the destination mail server for delivery. For this reason, it is necessary to specify an SMTP server when configuring an email client.

Under Red Hat Enterprise Linux, a user can configure an SMTP server on the local machine to handle mail delivery. However, it is also possible to configure remote SMTP servers for outgoing mail.
One important point about SMTP is that the protocol itself does not require authentication. This allows anyone on the Internet to send email to anyone else, or even to large groups of people. It is this characteristic of SMTP that makes junk email, or spam, possible. Modern SMTP servers attempt to minimize this behavior by allowing only known hosts access to the SMTP server. Servers that do not impose such restrictions are called open relay servers.
Sendmail (/usr/sbin/sendmail) is the default SMTP program under Red Hat Enterprise Linux. However, a simpler mail server application called Postfix (/usr/sbin/postfix) is also available.
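The "known hosts only" restriction described above can be checked in a Postfix configuration. The following is an added example, not code from the original post or from the Postfix project: a simplified audit of main.cf text for two settings that would turn the server into an open relay. It assumes Postfix 2.10 or later (where `smtpd_relay_restrictions` exists); the sample configurations and the names `parse_main_cf` and `audit_relay` are constructed for illustration.

```python
import ipaddress

# Constructed main.cf fragments (sample data, not from the original page).
OPEN_RELAY_CF = """\
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
"""
RESTRICTED_CF = """\
mynetworks = 127.0.0.0/8, 192.0.2.0/24
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
"""

# Rules that stop relaying for clients not permitted earlier in the list.
REJECTORS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_relay(text, min_prefix=8):
    """Return findings that would let unknown hosts relay mail (heuristic, not exhaustive)."""
    params = parse_main_cf(text)
    findings = []
    for net in params.get("mynetworks", "").replace(",", " ").split():
        try:
            network = ipaddress.ip_network(net, strict=False)
        except ValueError:
            continue  # table references such as hash:/path are not inspected here
        if network.prefixlen < min_prefix:
            findings.append(f"mynetworks trusts overly broad range {net}")
    rules = params.get("smtpd_relay_restrictions", "").replace(",", " ").split()
    for rule in rules:
        if rule in REJECTORS:
            break  # everything not permitted before this point is refused
        if rule == "permit":
            findings.append("unconditional 'permit' precedes the relay reject rule")
            break
    return findings
```

On a live system the input would be the output of `postconf -n` rather than an inline string.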

What Are Email Protocols



Today, email is delivered using a client/server architecture. An email message is created using a mail client program. This program then sends the message to a server. The server then forwards the message to the recipient's email server, where the message is then supplied to the recipient's email client.
To enable this process, a variety of standard network protocols allow different machines, often running different operating systems and using different email programs, to send and receive email.
The protocols discussed here are the most commonly used in the transfer of email.

Why Use a Linux Mail Server

Why use a Linux mail server? Check out some of the advantages below.
  • Supports POP3, IMAP and Web mail access. These are standard services that ideally should be available in any mail system for flexible email access.
  • Is extremely fast, reliable and scalable. Linux performs well and its uptime is very, very good.
  • Does not require expensive hardware. Thanks to its fast and efficient services, expensive high end hardware is not necessary.
  • Is very secure. The Linux operating system is very difficult to exploit. The National Security Agency even contributed to allow Linux to support even stronger levels of security.
  • Has a powerful anti-spam filter. SpamAssassin uses a wide variety of local and network tests to identify spam signatures.
  • Has an effective and regularly updated anti-virus. The open source nature of Clam Antivirus allows it to respond to new viruses even faster than commercial antivirus software.
  • Has small to zero (as in free) software cost. Depending on your support needs, you have the option of using a community supported Linux or a company supported one.
  • Works with Microsoft Active Directory. You can integrate Microsoft Active Directory user accounts and distribution lists into your Linux mail server to simplify administration.

Friday, January 6, 2012

Worm steals 45,000 Facebook passwords, researchers say



More malware is worming its way onto social networks.
A computer worm has stolen 45,000 login credentials from Facebook, security experts have warned.
The data is believed to have been taken largely from Facebook accounts in the UK and France, according to security firm Seculert.
The culprit is a well-known piece of malware - dubbed Ramnit - which has been around since April 2010 and has previously stolen banking details.
Facebook told the BBC that it was looking into the issue.
The latest iteration of the worm was discovered in the labs of security firm Seculert.
"We suspect that the attackers behind Ramnit are using the stolen credentials to login to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," said the researchers on the firm's blog.

"In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services to gain remote access to corporate networks," it added.

'Viral power'

Social networks offer rich pickings for hackers because of the huge amount of personal data that is stored on them. Increasingly malware is being updated for the social networking age.

"It appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms. As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands," said Seculert.

According to Seculert, 800,000 machines were infected with Ramnit from September to the end of December 2011.

Microsoft's Malware Protection Center (MMPC) described Ramnit as "a multi-component malware family which infects Windows executable as well as HTML files... stealing sensitive information such as stored FTP credentials and browser cookies".

In July 2011 a Symantec report estimated that Ramnit worm variants accounted for 17.3% of all new malicious software infections.

For Facebook users concerned that they have been affected by the worm, the advice is to run anti-virus software.

"It won't necessarily be obvious that you have been attacked. The worm is stealing passwords so it is not going to announce itself," said Graham Cluley, senior security consultant at Sophos.