Security Issues in Running an Email

This paper discusses security topics with respect to administering an email system. It starts discussing system hardening (CIS security benchmarks, disabling services, TCP wrappers, Tripwire, logging, etc.) from the perspective of an email system sysadmin. Then it discusses anti-virus software and why quarantining, cleansing, notifying are the wrong approach. Instead, messages containing viruses should be rejected during the SMTP protocol. It details how the SMTP protocol works and how a sendmail mail filter ('milter') can be used to reject messages containing viruses. The milter is included as an appendix. The last section discusses quotas on mail accounts and why blocking rather than queuing/retrying is the best policy both for the user the system and for security.