Email Servers

Email servers actually run two different types of protocols. The first type is SMTP (Simple Mail Transfer Protocol), which is used to transfer mail from server to server on the Internet, or to send mail from a client program like Outlook to a server that can deliver the message to its destination. Clients use the second type of protocol to pick up their mail from an email server. These protocols include mailbox-access protocols like POP3 (Post Office Protocol version 3) and IMAP (Internet Message Access Protocol). POP3 is more popular (and better supported by client programs) than IMAP, but IMAP includes additional features like the ability to organize email into folders on the server, and to search server mailboxes without downloading their contents to the client.

Email Ports

To send email from server to server, or from client to server, TCP port 25 (SMTP) is used.

For a client to retrieve email from a server, use TCP port 110 for POP3 connections, and TCP port 143 for IMAP connections. For a client behind a firewall to retrieve email from a server out on the Internet, open port 110 or 143 in the outbound direction, since the traffic is outbound from your network to the Internet. To allow Internet clients to retrieve mail from a server on your internal network, open port 110 or 143 inbound, since the traffic is coming into your network from outside.

Hardening Email Servers

Email server software is, like web server software, a fertile ground for software bugs – some of which can be exploited to gain administrative access to the email server. Therefore, it is very important to keep up with developments in your email server of choice, and to monitor the vendor’s site and security mailing lists for bug reports.

Hardening is an Ongoing Process

For example, years ago, there was a running joke about the “Sendmail bug of the week,” because Sendmail is a complex application and new vulnerabilities were being identified in the program with such great frequency. Today many Microsoft applications seem to have comments like that applied to them, and it’s easy for Linux/UNIX users to look down upon them for that – not having been around when administrators were shaking their heads, wondering when the stream of Sendmail reports would end.

Additionally, some email servers provide a great deal of functionality beyond simple mail delivery, such as interactive conferencing, instant messaging and groupware. As with any server, disable any functionality you do not need, because it is an additional point of vulnerability in the server.


One interesting issue with the SMTP protocol is that an attacker can use an SMTP server to discover the user IDs of users on your system via the SMTP VRFY command. Most mail servers have this disabled today (in fact, most servers can detect telnet connections and deny them), but some don’t. To find out whether yours still allows VRFY, use the command “telnet yourmailservername 25”, then type the line “HELO test” and press Enter. After the server tells you it’s pleased to make your acquaintance (a social lot, mail server programmers ;-), type “VRFY yourloginID” and press Enter. You’re safe if you receive a reply saying that the VRFY command is not known or not allowed. If the VRFY came back with information, check with your vendor on how to disable it. The SMTP command “EXPN yourloginID” has similar issues, but it’s somewhat worse: if the SMTP server handles group alias expansion, a command of the form “EXPN aliasname” could potentially dump a list of all users in that alias to the requesting user.
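The manual telnet check above can be scripted for a server you administer. The following is an added example, not part of the original guide: it sends HELO, VRFY and EXPN through Python's smtplib and interprets the reply codes as defined in RFC 5321. The function names, the finding labels and the `StubSession` class (a constructed stand-in so the example runs offline) are assumptions of this example.

```python
import smtplib

# RFC 5321 reply codes: 250/251 confirm the mailbox or expand the list,
# 252 declines to verify, 500/502 mean "command unknown / not implemented".
DISCLOSING = {250, 251}
REFUSED = {252, 500, 502}
PER_NAME_REJECT = {550, 551, 553}

def classify(code):
    """Map one VRFY/EXPN reply code to an audit finding."""
    if code in DISCLOSING:
        return "exposed"
    if code in REFUSED:
        return "disabled"
    if code in PER_NAME_REJECT:
        # The command is still active: a per-name rejection tells the
        # caller which names do not exist, so treat it as not hardened.
        return "answers-per-name"
    return "inconclusive"  # e.g. 421 or 530: retry later or after authentication

def audit(client, login_id, alias):
    """Repeat the manual check (HELO, VRFY, EXPN) over an open SMTP session."""
    client.helo("test")
    findings = {}
    for command, name in (("VRFY", login_id), ("EXPN", alias)):
        code, _text = client.docmd(command, name)
        findings[command] = classify(code)
    return findings

def audit_host(host, login_id, alias, port=25, timeout=10):
    """Connect to your own mail server and run the audit."""
    with smtplib.SMTP(host, port, timeout=timeout) as client:
        return audit(client, login_id, alias)

class StubSession:
    """Constructed stand-in for smtplib.SMTP (offline demonstration only)."""
    def __init__(self, replies):
        self.replies = replies
    def helo(self, name=""):
        return (250, b"pleased to meet you")
    def docmd(self, cmd, args=""):
        return self.replies[cmd]

if __name__ == "__main__":
    # Constructed replies: VRFY declined with 252, EXPN still answering.
    session = StubSession({"VRFY": (252, b"cannot verify"),
                           "EXPN": (250, b"constructed list member")})
    print(audit(session, "yourloginID", "aliasname"))
```

Any finding other than "disabled" for either command means the server still needs the vendor-specific change described above.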

Open Source Email Security [371], by Richard Blum, contains many details on security for common email server programs, including SMTP, POP3 and IMAP servers, as well as details on blocking spam, open relays, etc. If you’re implementing a UNIX or Linux-based email system, it’s worth taking a look here to learn more about the many available alternatives. (Sendmail is the most popular SMTP server… not the only one.)


371. Blum, Richard, Open Source Email Security, Sams, October, 2001,


CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.