About Server Security

Server security encompasses a broad set of topics. In most enterprises, ensuring that only authorized people have access to the servers, that passwords or identities are not compromised, that people do not misrepresent themselves as others when communicating, and that communications can be held confidential when necessary are all important requirements for a messaging system.

Perhaps because the security of server communication can be compromised in many ways, there are many approaches to enhancing it. This chapter focuses on setting up encryption, authentication, and access control. It discusses the following security-related Messaging Server topics:

• User ID and password login: requiring users to enter their user IDs and passwords to log in to IMAP, POP, HTTP, or SMTP, and the use of SMTP password login to transmit sender authentication to message recipients.

• Encryption and authentication: setting up your server to use the TLS and SSL protocols to encrypt communication and authenticate clients.

• Administrator access control: using the access-control facilities of the Console to delegate access to a Messaging Server and some of its individual tasks.

• TCP client access control: using filtering techniques to control which clients can connect to your server’s POP, IMAP, HTTP, and authenticated SMTP services.

Not all security and access issues related to Messaging Server are treated in this chapter. Security topics that are discussed elsewhere include the following:

• Physical security: Without provisions for keeping server machines physically secure, software security can be meaningless.

• Message-store access: You can define a set of message-store administrators for the Messaging Server. These administrators can view and monitor mailboxes and can control access to them. For details, see Chapter 18, Managing the Message Store

• End-user account configuration: End-user account information can be primarily maintained by using the Delegated Administrator product (valid only for Sun LDAP Schema 1). You can also manage end-user accounts by using the Console interface.

• Filtering unsolicited bulk email (UBE): See Chapter 17, Mail Filtering and Access Control

• Secure Multipurpose Internet Mail Extensions (S/MIME) is described in Chapter 20, Administering S/MIME for Communications Express Mail.

There are a large number of documents that cover a variety of security topics. For additional background on the topics mentioned here and for other security-related information, see documentation web site at http://docs.sun.com.