Security Considerations

Julian Field mailscanner at ecs.soton.ac.uk
Thu Jul 18 15:26:40 IST 2002


At 13:52 18/07/2002, you wrote:
>1) When using Mailscanner in a proxy configuration (i.e.: when your real
>mail server is a Windows mail server, or in a different firewalled zone),
>one of the requirements is to go to the access file and enable relaying for
>the local domain (i.e.: mydomain.com).  Is this safe?  Or in other words, do
>sendmail/mailscanner/spamassassin already have sufficient built-in
>protections to prevent a hacker from passing itself as being in the domain
>mydomain.com?  It is a logical thing for a hacker to try, and if successful
>he'd be able to use my mail proxy as a relay agent for his spam to other
>sites.

This should be safe. The security is all down to sendmail, MailScanner
doesn't get involved with the mail security or delivery at all (I designed
it that way to give you fewer things to have to worry about).

>2) If a true spam is received, it is desirable to delete it with no reply so
>that no hints are given to the spammers that they should try to camouflage
>their spam better.  On the other hand when a good email is received it
>should be delivered.  Nothing special so far.  But what about when a spam is
>questionable?  Should the message be dropped silently, dropped with a
>notification to the sender, delivered to the recipient with a "possible
>spam" indication,...?  I am sure a lot of thinking and discussion has been
>done in this arena.  Could you share what today's "common wisdom" is in
>handling this issue?  And perhaps some pointers as to which configuration
>files/items to modify to accomplish it?

You could use SpamAssassin, and set the "High Score" action to "delete",
but set the normal spam action to "deliver". That way questionable spam
will be tagged and delivered, but mail which is *definitely* spam will be
quietly deleted. The sender will have no indication to say it wasn't
delivered, so they will think it got through successfully.

>3) Although it is best to have a separate outbound SMTP server, I am
>considering using the  same box that has mailscanner for outbound SMTP as
>well, to avoid having to install yet another box.  I am aware that this will
>probably cause mailscanner to scan outgoing as well as inbound email but my
>mail load is low.  Is there any reason other than processor load why I
>should not do this?

Personally, I don't think there's anything very dangerous about doing that.

>4) Once I finish setting up my mail proxy I intend to secure it quite
>tightly and test it for vulnerabilities before opening the inbound SMTP
>firewall port to it.  I have collected a list of vulnerability-testing
>tools, but I was wondering if there is one that is particularly good at
>testing for SMTP vulnerabilities.  Can you recommend one?  If you are
>uncomfortable posting this kind of information to a mailing list, feel free
>to email it directly to me.

I use "Nessus" which is available from "www.nessus.org". That currently
knows about 995 different vulnerabilities, which is more than the
commercial products...
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ


