Electronic mail textbook

Upload: quansaker

Post on 07-Jan-2016

UNIVERSITY OF INFORMATION AND COMMUNICATION TECHNOLOGY
DEPARTMENT OF INFORMATION SYSTEMS SECURITY

LECTURE NOTES

E-MAIL SECURITY

THÁI NGUYÊN 2014

TABLE OF CONTENTS

CHAPTER 1. THE ELECTRONIC MAIL SYSTEM AND ITS SECURITY ISSUES
1.1. The electronic mail system
1.1.1. History
1.1.2. The electronic mail system
1.2. Threats to electronic mail
1.2.1. The threat of eavesdropping
1.2.2. The collection problem
1.2.3. Traffic analysis
1.2.4. Spoofing
1.2.5. Mail bombs
CHAPTER 2. PROTOCOLS USED FOR MAIL
2.1. Client-server operating modes in mail
2.2. Multipurpose Internet Mail Extensions (MIME)
2.3. Mail transport standards
2.3.1. Introduction
2.3.2. Simple Mail Transfer Protocol (SMTP)
2.3.3. Extensions to the Simple Mail Transfer Protocol
2.4. Client mail access standards
2.4.1. Introduction
2.4.2. The POP3 mail retrieval protocol
2.4.3. Internet Message Access Protocol (IMAP)
2.4.4. Comparing IMAP and POP
CHAPTER 3. SECURING THE MAIL SERVER APPLICATION AND MAIL CONTENT
3.1. Securing the mail server application
3.1.1. Installing the mail server securely
3.1.2. Configuring the mail server application securely
3.2. Protecting e-mail from malicious code
3.2.1. Virus scanning
3.2.2. Content filtering
3.2.3. Issues related to content filtering
3.3. Preventing bulk mailing
3.4. Authenticated mail relay
3.5. Secure access
3.6. Accessing mail through the Web
3.7. Checklist
CHAPTER 4. MAIL SECURITY ON THE CLIENT
4.1. Installing, configuring and using client applications securely
4.1.1. Patching and updating client software
4.1.2. Secure mail clients
4.1.3. Authentication and access
4.1.4. Security of the client's host system
4.2. Security of the components that make up mail content
4.3. Accessing Web-based e-mail systems
4.4. Checklist
CHAPTER 5. SECURE ADMINISTRATION OF A MAIL SERVER
5.1. Planning the secure administration of mail servers
5.1.1. Planning the installation and deployment of the mail server
5.1.2. Security administration roles
5.1.3. Administration practices
5.1.4. System security planning
5.1.5. The human factor in mail server security
5.1.6. Basic principles of information system security
5.2. Securely administering a mail server
5.2.1. Logging
5.2.2. Mail server backup procedures
5.2.3. Testing the security mechanisms of mail servers
5.2.4. Remote administration of a mail server
5.2.5. Checklist for secure mail server administration
CHAPTER 6. SECURING MAIL WITH CRYPTOGRAPHY
6.1. Introduction to mail security schemes
6.2. Pretty Good Privacy
6.3. S/MIME
6.4. Choosing appropriate encryption algorithms
6.5. Key management
6.6. Choosing between PGP and S/MIME
REFERENCES

CHAPTER 1
THE ELECTRONIC MAIL SYSTEM AND ITS SECURITY ISSUES

1.1. The electronic mail system

1.1.1. History

According to statistics up to January 2000, there were about 242 million Internet users. Most of them had an e-mail account on one or more mail systems. This leap in growth began in 1971, when Ray Tomlinson successfully sent the first ARPANET e-mail message.

ARPANET was a project of the US agency ARPA to develop communication protocols linking resources across different geographic regions. Message-handling applications were also designed into the ARPANET systems, but they were used only to send messages to users within a single system. Tomlinson modified the message-handling system so that users could send messages to recipients not only on one system but on other ARPANET systems as well. Following Tomlinson's improvement, much further research was carried out, and e-mail quickly became the most heavily used application on the ARPANET of the past and on the Internet of today.

1.1.2. The electronic mail system

How, then, is e-mail composed, delivered and stored in a mail system, and where can security mechanisms conveniently be applied? Most e-mail users understand, roughly, that sending an e-mail message starts with composing the content, after which the message is sent from the user's system to the recipient's mailbox. It sounds simple, but moving an e-mail is no less complex than moving a paper letter: it too passes through many intermediate stages before reaching the recipient.

Processing begins with composing the message. Most mail applications on the user's machine ask the user to fill in a few main fields such as the subject, the content and the recipients. When these fields are complete and the user sends the message, it is converted into a standard format defined by RFC 822 (Standard for the Format of ARPA Internet Text Messages). The converted message basically consists of two parts: the header and the body. The header carries information such as the time of sending, the sender, the recipients, the subject and format information. The body is the content of the message.

Once an e-mail has been converted to RFC 822 format, it can be transmitted.
Over a network connection, the mail program on the client machine (called an MUA, Mail User Agent) connects to an MTA (Mail Transport Agent) running on the mail server. Once the connection is established, the MUA gives the mail server the identity of the sender. Next, the MUA tells the mail server who the recipients are. All of these steps are carried out by issuing commands. After the server has received the recipients' identities, delivery of the message is managed and performed by the server.

When the server processes a message, a series of operations takes place: identifying the recipient, establishing a connection and transmitting the message. Using DNS, the sending mail server identifies the recipient. A mail server establishes a connection and transmits mail to one or more other servers in the same way an ordinary mail client does. At this point one of two cases applies. If the recipient's and the sender's mailboxes are on the same mail server, the message is delivered by the local delivery service (LDA). If the recipient's and the sender's mailboxes are on different mail servers, the sending process is repeated from one MTA to the next until the message reaches the recipient's mailbox.

When an LDA handles a message, several tasks are performed. Depending on its configuration, the LDA either delivers the message directly or first processes it according to predefined mail filtering rules (filtering is usually based on attributes of the message). Once delivered, the message is placed in the recipient's mailbox, where it is stored until the recipient acts on it (reads it, deletes it, and so on). The model below shows the path of an e-mail through the components described above. This is the most general process for sending mail in an electronic mail system.

Figure 1.1: The electronic mail system

1.2. Threats to electronic mail

1.2.1. The threat of eavesdropping

Like other network applications (remote login sessions, FTP downloads, online chat, ...), e-mail can be read covertly. But who would want to read your mail? The answer depends on who you are, what you are doing, and who cares about what you are doing. Below are some of the parties that may read your mail.

1.2.1.1. Foreign governments

Foreign military intelligence organizations are eavesdroppers equipped with the most sophisticated modern equipment. Reading private mail is their profession. From the start of the Cold War they invested billions of dollars every year in collecting, translating and analysing the data their adversaries sent over networks. The Cold War has ended, but nothing confirms that they have stopped doing what they used to do.

The relationship between the US military and the intelligence organizations is an opaque one, and many applications built by the US military are now used in the commercial sector. In some countries, intelligence gathering targets foreign companies, and the information collected is used as a competitive tool for domestic companies. Japan and France are the two countries best known for this kind of offence, though other developed countries are entirely capable of it as well. For example, the NSA was once accused of intercepting telephone calls between two European countries in order to steal information and sell it to competitors.

1.2.1.2. Domestic governments

The countries best known for using technological espionage against their own citizens include China, North Korea and Cuba. In France, the government allows citizens to encrypt the information they exchange only when the algorithm and keys are issued by the competent authority. Taiwan and South Korea require companies to remove encryption from voice, data and fax connections.

Within the United States itself, many government organizations are also interested in reading private information exchanged by e-mail, for example the FBI and organizations involved in politics.

1.2.1.3. Commercial competition

A business can be spied on by competing companies. The information competitors care about may include customer lists, project details, deployment plans and financial capacity.
For example, Coca-Cola might pay handsomely to whoever can tell it Pepsi's new advertising plan, and Ford might do the same to learn about another car maker's new model.

1.2.1.4. Criminals

Criminals, especially those involved in economic crime, can harvest valuable information from e-mail. Police in many countries have found electronic bugs installed illegally on telephone lines to monitor and capture credit card numbers transmitted over the phone. There is no reason to think they would not do the same with e-mail as messages cross the network.

Many companies now trade over the Internet, and many goods are bought online by credit card. It would be very easy to build and deploy an application that automatically scans the messages on a user's computer for credit card numbers from such electronic transactions.

1.2.1.5. Friends and relatives

Finally, your own friends and relatives can also be "spies". The term "spy" may not be quite accurate here, but these people still have to be taken into account when e-mail is used to exchange private information. As a simple example, in an office environment colleagues may well take an interest in the personal information we exchange by e-mail, and not merely out of curiosity.

1.2.2. The collection problem

The biggest problem in reading someone's e-mail message is finding it in the sea of other e-mail messages on the network. The task has been compared to "looking for a needle at the bottom of the sea". Difficult as it is, there are agencies and organizations created to do exactly this. It is, for example, one of the main jobs of the NSA, which monitors computer data flows into and out of the United States and between other countries.

Gathering information from e-mail messages has been likened to a Herculean task. In 1994, according to statistics, computer data entering and leaving the United States amounted to many gigabytes, with billions of messages exchanged in a month. This included e-mail, remote login information, file transfers, real-time "chat" data and more. Merely storing that volume of data is a large job, let alone reading and analysing it.

For the information of interest, however, computers can filter the data stream in real time.
The NSA is fully able to feed the data flowing into and out of the United States into a powerful computer system that searches for the data the NSA cares about. Such a system can search by keyword: e-mail messages containing, say, "nuclear", "cryptography" or "assassination" are retained for later analysis.

The NSA's computer systems use many other techniques as well. They can search for data from a specific individual or organization. They can also search for data matching a given structure. In short, the NSA receives a great deal of funding for this work and has been doing it for a long time.

Most importantly, they do this work in real time, and not much data is stored. They expect the data collected on a given day to be analysed that same day. Collected data is worthless if it is not analysed, so the hard part is the analysis. The NSA can combine many techniques to analyse the data it is interested in, such as the relationships between keywords that point to the data sought, and the senders and receivers of the information.

1.2.3. Traffic analysis

When the content of a message is encrypted, an eavesdropper (the NSA, for instance) cannot read it, but can still obtain a considerable amount of information through traffic analysis.

Traffic analysis relies on factors such as whom you send e-mail to, whom you receive e-mail from, the length of the messages, and when they are sent. A great deal of information is hidden in factors like these for those who know how to exploit it.

First, consider the telephone service sector. Most European countries do not itemize telephone bills the way US companies do. European telephone bills list only the number of calls made from a given subscriber line, and do not record when or where the calls were made. US telephone bills list every call for a subscriber number in detail: the time of the call, the number called and the duration. From this call information, US authorities can classify persons to be monitored or place them on watch lists.

The same applies to e-mail messages.
Even when e-mail messages are encrypted, the header always shows the sender, the recipient, the time of sending and the length of the message. "Anonymous" e-mail services do exist to conceal the information just listed. According to analysts in this field, however, that means little against eavesdroppers on the scale of the NSA.

As a more concrete example, suppose Eve suspects Alice of supporting terrorism. Alice encrypts all her e-mail, so Eve cannot read the content of the messages Alice sends and receives. Eve can, however, collect all the information about Alice's traffic. Eve knows the e-mail addresses of everyone Alice regularly contacts. Alice often sends long e-mail messages to someone called Bob, who usually answers straight away with a very short message. Perhaps she sends Bob orders and he acknowledges receiving them. One day there is a sudden surge in the e-mail exchanged between Alice and Bob. Perhaps they are planning something. Then comes silence: no e-mail at all passes between them. The next day a government building is bombed. Whether this is enough evidence to arrest them depends on much other evidence, but at the very least it has given the agencies concerned a good deal of valuable information.

Terrorists are not the only ones tracked through traffic analysis. Analysis of e-mail traffic is also a tool the FBI relies on when investigating drug trafficking. In economic and social life, what would a company think if one of its staff regularly exchanged e-mail with a competitor? What would happen if a jealous person noticed that their wife or husband was in regular e-mail contact with a "potential rival"? In short, e-mail traffic analysis is a clever tool for stealing personal information.

1.2.4. Spoofing

Spoofing is another security problem on computer networks in general. Put briefly, spoofing means one person pretending to be another.
Spoofing may be done as a prank, to discredit or defame someone, or as a means of fraud.

Every day many messages are sent automatically to the mailboxes of Internet users, with subjects such as "I enjoy annoying other people and I am proud of it", or with a racist or sexist slogan as the subject. The content of these messages is completely meaningless. Some time later another message arrives from the same account, apologizing for the first one. In general, nothing in messages of this kind should be believed; they are just an online prank.

As another example, Eve wants to defame Alice. She writes an e-mail accusing someone, signs it with Alice's name, forges Alice's personal details in the message header (which is easy for hackers to do), and then sends a copy to a publication such as The New York Times.

Another kind of spoofing resembles the third-party (man-in-the-middle) attack in cryptography. Suppose Bob and Alice are working together on a project and regularly exchange information by e-mail. Eve, posing as Bob, e-mails Alice to say that his previous e-mail account has been closed. She does the same to Bob, and if both Bob and Alice believe the messages they receive, all contact between Alice and Bob passes through a third party, Eve. Eve then learns everything about the project Bob and Alice are working on. Eve remains the thief of the information exchanged between Bob and Alice for as long as Bob and Alice do not talk face to face or by telephone.

The threat of impersonation can be countered with digital signatures. With digital signatures, Alice (in the example above) can check which e-mail messages really come from Bob. Likewise, nobody can impersonate Alice to send messages to others.

1.2.5. Mail bombs

If you use e-mail, you have probably received unsolicited messages sent from some address without your permission; such messages are called spam. Spam is a kind of junk mail on the Internet and is used for many purposes: advertising, harassment and so on.

If you are new to the Internet, you may receive only a few unwanted messages of this kind.
But once you have used the Internet for a few years, you may find it very irritating to receive a flood of e-mail you never asked for.

The following kinds of e-mail turn up regularly in your mailbox:

- Messages sent by commercial companies with which you have never had any relationship.
- E-mail advertising illegal or shady products or services, or even intended to deceive the recipient.
- E-mail sent from an unclear address.
- Messages with no address to which the recipient can reply.

If you have ever received a mail bomb, you may have felt confused and asked yourself: What is this message? Where was it sent from, and how did the senders get my mailbox address?

No sooner have those questions passed than more junk mail arrives, and it becomes annoying. You may write to complain to the sender, but your annoyance grows when you learn that your complaint will never reach the person intended, because senders of junk mail usually disguise themselves or set up a fake mailbox when mailing you.

Some types of mail bomb:

- Unsolicited Commercial Email (UCE): messages the user receives without wanting them, whose content advertises a product or service. This type is also called "junk mail".
- Unsolicited Bulk Email (UBE): messages sent in large numbers to thousands or even millions of recipients. UBE may be used for commercial purposes, in which case it is also UCE. It may also be used for many other purposes, such as political campaigning, or simply to disrupt the e-mail system.
- Make Money Fast (MMF) messages: these are usually chain letters following a single template. Their content suggests that recipients can become rich if they follow steps such as:
  - Send money to the first person named on the list (the list is enclosed with the message).
  - Remove that person's name, add your own name to the end of the list, and pass the message on to others.

  MMF messages are regarded as an illegal lottery in the United States.
- Reputation attacks: messages that the user believes were sent by a particular person or organization, but which were in fact sent from some other address. The purpose of such messages is not to advertise a product or service, but to make the recipient angry at the sender named in the message.

CHAPTER 2
PROTOCOLS USED FOR MAIL

2.1. Client-server operating modes in mail

This section introduces some basic concepts of the client-server models used in e-mail. Three models are in use:

- Offline model: a mail client application connects periodically to the mail server. It downloads all messages to the client machine and deletes them from the mail server. Mail processing then takes place locally on that client.
- Online model: this model is often used with network file system protocols (NFS). A client application manipulates the mailbox data on the mail server. A connection to the mail server is maintained for the whole session. No mailbox data is kept on the client; the client fetches data from the mail server as needed.
- Disconnected model: a hybrid of the offline and online models, used by the PCMAIL protocol. A client downloads some messages from the mail server, works on them offline, and later uploads the changes to the mail server. Synchronization (when there are several clients) is handled by giving each message a unique identifier.

Each model has advantages and drawbacks. The table below compares their characteristics:

| Characteristic | Offline | Online | Disconnected |
|---|---|---|---|
| Can use multiple clients | No | Yes | Yes |
| Minimal connection time to the mail server | Yes | No | Yes |
| Minimal use of mail server resources | Yes | No | No |
| Minimal use of client disk | No | Yes | No |
| Multiple remote mailboxes | No | Yes | Yes |
| Fast start-up | No | Yes | No |
| Mail processing when not online | Yes | No | Yes |

2.2. Multipurpose Internet Mail Extensions (MIME)

RFC 822 provides the standard for transmitting e-mail messages with text content. It does not, however, support messages with attachments (such as a message with Word documents or image files attached). To extend the definitions in RFC 822, the Multipurpose Internet Mail Extensions (MIME) were developed. Message headers still follow RFC 822; the changes and additions made by MIME apply to the content of the message. MIME uses a set of conventions to represent particular kinds of content within an e-mail message. Examples of content types:

- Audio: for transmitting sound or audio data.
- Application: for transmitting application data or binary data.
- Image: for transmitting image data.
- Message: for encapsulating another mail message.
- Multipart: for combining several body parts, possibly of different data types, into a single message.
- Text: for representing textual information in a given character set.
- Video: for transmitting video or moving-image data, possibly with audio as part of the composite video data format.

MIME is currently described by five documents: RFCs 2045, 2046, 2047, 2048 and 2049. They describe the format of the message body, the media types, non-ASCII (non-US-standard) encodings, and so on. Besides the additions listed, other important mail features such as message attachments and the direct embedding of data in HyperText Markup Language (HTML) are also specified in these documents. Note that although the MIME extensions allow binary message content, binary content must be represented in Base64 to comply with the standard laid down in RFC 822.

2.3. Mail transport standards

2.3.1. Introduction

Mail transport standards were established to ensure reliability and interoperability between different mail applications. In the simplest case, mail transport is the sending of a message from one local user to another local user; the LDA is then responsible for identifying the appropriate mailbox and delivering the message to it. In the more complex case, when the recipient is outside the local group, an MTA is needed to send the message from the local mail server to the remote mail server.
Depending on the type and scope of the existing system, one or several MTAs may be involved, and each pair of MTAs may itself use a different mail transport protocol.

The most common MTA transfer protocol today is the Simple Mail Transfer Protocol (SMTP). SMTP is the standard for transmitting electronic messages on the Internet (it is described in detail in the next section). Almost all e-mail systems on the Internet therefore support SMTP for mail transport.

2.3.2. Simple Mail Transfer Protocol (SMTP)

Jon Postel of the University of Southern California developed SMTP in August 1982. SMTP is a protocol for transferring e-mail reliably and efficiently.

SMTP is independent of the particular transmission system and requires only a reliable data channel (port 25/TCP). A transport service (TCP, X.25, ...) provides an interprocess communication environment (IPCE). An IPCE may cover one network, several networks, or a subset of a network. The important point is that transport systems (or IPCEs) are not one-to-one with networks. A process can communicate directly with another process through a known IPCE. Mail is an application, or use, of interprocess communication. Mail can be communicated between processes in different IPCEs by relaying through a process connected to two or more IPCEs. More specifically, mail can be relayed between hosts on different transport systems by a host that is on both transport systems. The concrete SMTP model is described below.

2.3.2.1. The SMTP operating model

The SMTP design is based on the following communication model: as the result of a user mail request, the Sender-SMTP establishes a two-way transmission channel to a Receiver-SMTP. The Receiver-SMTP is either the final destination or an intermediate point. SMTP commands are generated by the Sender-SMTP and sent to the Receiver-SMTP. SMTP replies are sent from the Receiver-SMTP to the Sender-SMTP in response to the commands.

Once the transmission channel is established, the Sender-SMTP sends a MAIL command identifying the sender of the mail. If the Receiver-SMTP can accept the mail, it replies OK. The Sender-SMTP then sends an RCPT command identifying a recipient. If the Receiver-SMTP can accept mail for that recipient, it replies OK; otherwise it replies with a rejection.
The Sender-SMTP and Receiver-SMTP may negotiate several recipients. When the recipients have been negotiated, the Sender-SMTP sends the mail data, terminated by a special sequence. If the Receiver-SMTP processes the mail data successfully, it replies OK (the dialogue advances one step at a time between Sender-SMTP and Receiver-SMTP). The model for SMTP use is shown below:

[Figure 2.1: Model for SMTP use. Labels: User, File system, Sender-SMTP, SMTP commands/replies and Mail, Receiver-SMTP, File system]

SMTP provides mechanisms for transmitting mail either directly from the sender's host to the recipient's host, when the two hosts are connected to the same transport service (mostly TCP), or through one or more relaying Server-SMTPs, when the source and destination hosts are not connected to the same transport service. To provide the relay capability, the Server-SMTP must be given the name of the final destination host (the destination mailbox name).

The argument of the MAIL command is a reverse-path, which specifies who the mail is from. The argument of the RCPT command is a forward-path, which specifies who the mail is to. The forward-path is a destination route, while the reverse-path is a return route (which may be used to return a message to the sender when an error occurs with a relayed message).

When the same message is sent to several recipients, SMTP encourages the transmission of only one copy of the data for all the recipients on the same host.

Commands and replies have a strict syntax. Replies also carry a numeric code. Examples of sending mail, with the commands and replies involved, are given later. Command and reply keywords may be in any case: upper case, lower case, or a mixture. This is not true of mailbox user names. On some hosts the user name is case-sensitive, and SMTP implementations must preserve the case of user names as they appear in mailbox arguments. Host names are not case-sensitive.

Commands and replies are composed of characters from the ASCII character set. When the transport service provides an 8-bit (octet) transmission channel, each 7-bit character is transmitted as an octet with the high-order bit set to 0.

2.3.2.2. SMTP procedures

This section presents the procedures used in SMTP. First comes the basic mail procedure for transferring mail. Next come descriptions of forwarding mail, verifying mailbox names and expanding mailing lists, sending to terminals instead of or in combination with mailboxes, opening and closing the transaction, and relaying mail. Mail domains and changing program roles over the transmission channel are not covered here; for more information see RFC 821.

Mail transfer procedure

An SMTP mail transaction has three steps:

Step 1: A MAIL command identifies the sender.
Step 2: One or more RCPT commands identify the recipients.
Step 3: A DATA command gives the mail data.

The syntax of these commands is:

    MAIL <SP> FROM:<reverse-path> <CRLF>
    RCPT <SP> TO:<forward-path> <CRLF>
    DATA <CRLF>

For example, sender tiendq on host vdc sends mail to users thaith, toannq and khoanc on host vol as follows:

    S: MAIL FROM:
    R: 250 OK
    S: RCPT TO:
    R: 250 OK
    S: RCPT TO:
    R: 550 No such user here
    S: RCPT TO:
    R: 250 OK
    S: DATA
    R: 354 Start mail input; end with <CRLF>.<CRLF>
    S: Blah blah blah...
    S: ...etc. etc. etc.
    S: .
    R: 250 OK

Here S marks the sending side and R the receiving side (this convention is used in all the examples). In the example above, only the mail for thaith and toannq is accepted; khoannc is not accepted because there is no such mailbox on host vol.

Forwarding

In some cases the destination information in the forward-path is incorrect, but the Receiver-SMTP knows the correct destination. One of the two replies below is then used to let the sender contact the destination believed to be correct.

    251 User not local; will forward to <forward-path>

or

    551 User not local; please try <forward-path>

The 251 reply indicates that the Receiver-SMTP knows the user's mailbox is on another host and gives the correct forward-path to use from then on (relaying through several SMTPs). The 551 reply indicates that the Receiver-SMTP knows the user's mailbox is on another host and gives the correct forward-path to use right away. For example:

    S: RCPT TO:
    R: 251 User not local; will forward to

or

    S: RCPT TO:
    R: 551 User not local; please try

Verifying and expanding mailing lists

SMTP provides some additional features: verifying a user name with the VRFY command, and expanding a mailing list with the EXPN command. Their syntax is:

    VRFY <SP> <string> <CRLF>
    EXPN <SP> <string> <CRLF>

The VRFY command checks the given user name and returns information about it; the EXPN command identifies a mailing list (mail can be sent to all recipients sharing that identifier). Examples of verifying a user name:

    S: VRFY Smith
    R: 250 Fred Smith

or

    S: VRFY Smith
    R: 251 User not local; will forward to

or

    S: VRFY Jones
    R: 550 String does not match anything.

or

    S: VRFY Jones
    R: 551 User not local; please try

or

    S: VRFY Gourzenkyinplatz
    R: 553 User ambiguous.

Examples of expanding a mailing list:

    S: EXPN Example-People
    R: 250-Jon Postel
    R: 250-Fred Fonebone
    R: 250-Sam Q. Smith
    R: 250-Quincy Smith
    R: 250-
    R: 250

or

    S: EXPN Executive-Washroom-List
    R: 550 Access Denied to You.

Delivery to mailboxes and terminals

The main purpose of SMTP is to deliver messages to users' mailboxes. A few services deliver messages to users' terminals (provided the user is active). Delivering messages to users' mailboxes is called "mailing", and delivering messages to users' terminals is called "sending". The following three commands are defined to support "sending":

    SEND <SP> FROM:<reverse-path> <CRLF>
    SOML <SP> FROM:<reverse-path> <CRLF>
    SAML <SP> FROM:<reverse-path> <CRLF>

The SEND command requires that the mail data be delivered to the user's terminal. If the user is not active (or not accepting terminal messages), a 450 reply is returned to the RCPT command. The SOML (send or mail) command requires that the mail data be delivered to the user's terminal if the user is active. If the user is not active (or not accepting terminal messages), the mail data is placed in the user's mailbox. The SAML (send and mail) command requires that the mail data be delivered to the user's terminal if the user is active (and accepting terminal messages). In other cases the mail data is entered into the user's mailbox.

Opening and closing the transaction

When the transmission channel is opened, information is exchanged to make sure that the hosts are communicating with each other. The following two commands open and close a transaction on the transmission channel:

    HELO <SP> <domain> <CRLF>
    QUIT <CRLF>

In the HELO command the host sending the command identifies itself, much like the greeting "Hello, I am <domain>". An example of opening a connection:

    R: 220 BBN-UNIX.ARPA Simple Mail Transfer Service Ready
    S: HELO USC-ISIF.ARPA
    R: 250 BBN-UNIX.ARPA

The QUIT command closes the transmission channel, for example:

    S: QUIT
    R: 221 BBN-UNIX.ARPA Service closing transmission channel

Relaying mail

The forward-path may be a source route of the form "@ONE, @TWO: JOE@THREE", where ONE, TWO and THREE are hosts. This form is used to emphasize the difference between an address and a route. A mailbox is an absolute address, and a route is information about how to get there.

Conceptually, the elements of the forward-path are moved to the reverse-path as the message is relayed from one Server-SMTP to another (the reverse-path is regarded as a reverse source route).
When a Server-SMTP deletes its identifier from the forward-path and inserts it into the reverse-path, it must use an identifier that is known to the party it is sending to. If, when the message arrives at a Server-SMTP, the first element of the forward-path is not that Server-SMTP's identifier, the element is not deleted from the forward-path and is used to determine the next Server-SMTP to send the message to. In other cases the Server-SMTP adds its own identifier to the reverse-path.

Using source routing, the Receiver-SMTP receives mail to be relayed from another Server-SMTP. The Receiver-SMTP may accept or reject the task of relaying the mail in the same way it accepts or rejects mail for a local user. The Receiver-SMTP transforms the command arguments by moving its own identifier from the forward-path to the reverse-path. The Receiver-SMTP then becomes a Sender-SMTP, establishes a transmission channel to the next SMTP in the forward-path, and sends the mail on. The first host in the reverse-path should be the host sending the SMTP commands, and the first host in the forward-path should be the host receiving the SMTP commands.

Note: the forward-path and reverse-path appear in SMTP commands and replies, but not necessarily in the message. That is, these paths are not required in the message, and in particular this syntax is not required in message header fields such as "To:", "From:", "CC:", ...

If a Server-SMTP has accepted the task of relaying the mail and later finds that the forward-path is wrong or that the mail cannot be delivered for some reason, it builds an "undeliverable mail" notification message and sends it back to the originator. This notification must originate from the Server-SMTP at that host. Of course, Server-SMTPs do not send notification messages about problems with notification messages. One way to prevent loops is to specify a null reverse-path in the MAIL command of an error notification message, as follows:

    MAIL FROM:<>

Suppose we have the following relay scenario: the notification is in response to a message originated by JOE at HOSTW and sent via HOSTX to HOSTY, with instructions to relay it on to HOSTZ. The transaction between HOSTY and HOSTX, the first step in returning the undeliverable-mail notification, is as follows:

    S: MAIL FROM:<>
    R: 250 ok
    S: RCPT TO:
    R: 250 ok
    S: DATA
    R: 354 send the mail data, end with .
    S: Date: 23 Oct 81 11:22:33
    S: From: [email protected]
    S: To: [email protected]
    S: Subject: Mail System Problem
    S:
    S: Sorry JOE, your message to [email protected] lost.
    S: HOSTZ.ARPA said this:
    S: "550 No Such User"
    S: .
    R: 250 ok

2.3.2.3. Basic SMTP commands

To close this section, the table below lists the basic SMTP commands for reference.

| No. | Command | Syntax | Use |
|---|---|---|---|
| 1 | HELO | `HELO <SP> <domain> <CRLF>` | Identifies the Sender-SMTP to the Receiver-SMTP; the argument is usually the host name. |
| 2 | MAIL | `MAIL <SP> FROM:<reverse-path> <CRLF>` | Starts a mail transaction to one or more mailboxes and identifies the sender through the reverse-path argument. |
| 3 | RCPT | `RCPT <SP> TO:<forward-path> <CRLF>` | Identifies one recipient of the mail data through the forward-path argument; for several recipients the command is repeated. |
| 4 | DATA | `DATA <CRLF>` | The lines following this command are the mail data. |
| 5 | RSET | `RSET <CRLF>` | Specifies that the current mail transaction is to be aborted. |
| 6 | SEND | `SEND <SP> FROM:<reverse-path> <CRLF>` | Starts a mail transaction in which the mail data is delivered to one or more terminals. The reverse-path argument identifies the sender. |
| 7 | SOML | `SOML <SP> FROM:<reverse-path> <CRLF>` | Starts a mail transaction in which the mail data is delivered to one or more terminals or mailboxes. The reverse-path argument identifies the sender. |
| 8 | SAML | `SAML <SP> FROM:<reverse-path> <CRLF>` | Starts a mail transaction in which the mail data is delivered to one or more terminals and mailboxes. The reverse-path argument identifies the sender. |
| 9 | VRFY | `VRFY <SP> <string> <CRLF>` | Asks the receiver to confirm that the argument identifies a user. |
| 10 | EXPN | `EXPN <SP> <string> <CRLF>` | Asks the receiver to confirm that the argument identifies a mailing list. |
| 11 | HELP | `HELP [<SP> <string>] <CRLF>` | The receiver sends helpful information to the sender. |
| 12 | NOOP | `NOOP <CRLF>` | On receiving this command from the sender, the receiver takes no action other than replying OK. |
| 13 | QUIT | `QUIT <CRLF>` | Requires the receiver to send an OK reply and then close the transaction. |
| 14 | TURN | `TURN <CRLF>` | Requires the receiver either to send an OK reply and then take on the role of Sender-SMTP, or to send a refusal and keep the role of Receiver-SMTP. |

2.3.3. Extensions to the Simple Mail Transfer Protocol

As the number of e-mail users keeps growing, mail client software and SMTP servers keep gaining new features. For SMTP servers, the functionality of the Simple Mail Transfer Protocol itself was extended. In 1993, RFC 1455 gave a general introduction to extensions for SMTP. The follow-up documents that elaborated on RFC 1425 were RFC 1651 in 1994 and RFC 1869 in 1995. These RFCs add three main parts to the original SMTP:

- New SMTP commands (RFC 1425)
- Registration of SMTP service extensions (RFC 1651)
- Additional parameters for the SMTP MAIL FROM and RCPT TO commands (RFC 1869)

To remain compatible with older SMTP servers, a mail client needs a way to determine whether a server supports the extensions. This is done with the enhanced hello command (EHLO). When connecting to a server, the mail client can issue EHLO. If the server supports the SMTP extensions, it replies that the command succeeded and lists the extensions it currently supports. If the server does not support the SMTP extensions, it replies that the command failed, and the MUA must then fall back to the standard HELO command. Servers that support the extended protocol are referred to as Extended SMTP (ESMTP) servers. Below is an example session with a server using the EHLO command.

    telnet mail.dcs.vn 25
    Connected to mail.dcs.vn
    Escape character is '^]'
    220 test.mail.vn ESMTP Service (Sample Mail Server String)
    EHLO test.mail.vn
    250 test.mail.vn says hello
    250-HELP
    250-EXPN
    250 SIZE 20971520
    ...

In the example above, the server supports only one extension, SIZE. In practice, however, a server may support many different extensions. The table below lists some SMTP extensions published in the corresponding RFCs. For example, RFC 2554 specifies a new command and protocol for identifying and authenticating users.

| SMTP extension | RFC |
|---|---|
| SMTP service extension for message size declaration | 1870 |
| SMTP service extension for command pipelining | 2920 |
| SMTP service extension for transmission of large and binary MIME messages | 3030 |
| SMTP service extension for authentication | 2554 |
| SMTP service extension for secure SMTP over TLS | 2487 |
| SMTP service extension for returning enhanced error codes | 2034 |
| SMTP service extension for remote message queue starting | 1985 |
| SMTP service extension for delivery status notifications | 1891 |
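The EHLO exchange above can be checked mechanically. The following is an added example, not part of the original course text: it parses an EHLO reply into its extension keywords and reports settings an administrator would want to review (EXPN/VRFY exposure, missing STARTTLS from the RFC 2487 row of the table, SIZE limit). The first sample is the reply quoted above; the second reply, the host name mx.example.test and the 25 MB policy ceiling are constructed assumptions.

```python
"""Parse an ESMTP EHLO reply and audit the advertised extensions."""
import re

# The reply quoted in the text above, as raw lines.
REPLY_FROM_TEXT = (
    "250 test.mail.vn says hello\r\n"
    "250-HELP\r\n"
    "250-EXPN\r\n"
    "250 SIZE 20971520\r\n"
)
# Constructed reply from a hypothetical, more tightly configured server.
REPLY_HARDENED = (
    "250-mx.example.test says hello\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return (greeting, {KEYWORD: [params]}) from a raw EHLO reply.

    Raises ValueError when a line is not a 250 reply line, which is what a
    server without ESMTP support returns and the cue to fall back to HELO.
    """
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    texts = []
    for ln in lines:
        m = _LINE.match(ln)
        if not m or m.group(1) != "250":
            raise ValueError("not an EHLO success reply: %r" % ln)
        texts.append(m.group(3).strip())
    extensions = {}
    for text in texts[1:]:          # first line is the greeting, not a keyword
        if text:
            keyword, *params = text.split()
            extensions[keyword.upper()] = params
    return texts[0], extensions


def audit(extensions, max_size=25 * 1024 * 1024):
    """Return a list of findings for an administrator to review."""
    findings = []
    for cmd in ("VRFY", "EXPN"):
        if cmd in extensions:
            findings.append("%s advertised: exposes users or list members" % cmd)
    if "STARTTLS" not in extensions:
        findings.append("STARTTLS missing: session stays in cleartext")
        if "AUTH" in extensions:
            findings.append("AUTH without STARTTLS: credentials in cleartext")
    size = extensions.get("SIZE")
    if size is None:
        findings.append("SIZE missing: no declared message size limit")
    elif not size or not size[0].isdigit() or int(size[0]) == 0:
        findings.append("SIZE advertised without a fixed maximum")
    elif int(size[0]) > max_size:
        findings.append("SIZE limit %s exceeds policy ceiling" % size[0])
    return findings


if __name__ == "__main__":
    for raw in (REPLY_FROM_TEXT, REPLY_HARDENED):
        greeting, ext = parse_ehlo(raw)
        print(greeting, sorted(ext), audit(ext))
```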

2.4. Client mail retrieval standards

2.4.1. Introduction

Once a message has been delivered by the LDA, the user must access the mail server to retrieve it. Mail client software (MUA) is used to access mail servers and retrieve messages. There are several ways for users to reach their mailboxes; one of the simplest is direct access using commands.

A simple e-mail system is one in which all users can access their mailboxes directly. Each user account on the system has a corresponding directory under the home directory. When messages arrive, the user can use command-line mail programs such as mail or pine to access the mailbox directly. For users, and external users in particular, accessing the mail server through command-line operations is a factor that undermines the security of their mail accounts. To reduce this risk, mailbox access protocols were revised. The two mailbox access protocols in most common use today are POP3 and IMAP. Both are examined in detail below.

2.4.2. The POP3 mail retrieval protocol

POP3 is used to access and retrieve e-mail messages from a mailbox on the mail server. POP3 was designed to support mail processing in offline mode. In this mode, mail is delivered to the mail server, and a mail client program on a workstation connects to the mail server and downloads all messages to that workstation. From then on, all mail processing takes place on the workstation itself.

2.4.2.1. Operating principle and commands of POP3

The operation of POP3 is shown in the figure below:

[Figure 2.2: POP3 operation diagram. POP3 client and POP3 server over a TCP connection; AUTHORIZATION state, TRANSACTION state, UPDATE state.]

A POP3 server listens on port 110. When a POP3 client wants to use the POP3 service, it opens a TCP connection to the server on port 110. Once the TCP connection is established, the POP3 server sends a greeting to the client, and the session between client and server is established. The client then sends commands to the server and the server responds to them until the connection is closed or aborted.

A POP3 session has three states: AUTHORIZATION, TRANSACTION and UPDATE.

- AUTHORIZATION state: once the TCP connection is open and the POP3 server has sent its greeting to the client, the session enters the AUTHORIZATION state, in which the server authenticates the client. When the server has authenticated the client successfully, the session enters the TRANSACTION state.
- TRANSACTION state: this state follows AUTHORIZATION. In this state the client can access its mailbox on the server to check mail, retrieve mail, and so on.
- UPDATE state: when the client sends QUIT to the server from the TRANSACTION state, the session enters the UPDATE state; the server sends a goodbye to the client and closes the TCP connection, ending the session. If the client sends QUIT from the AUTHORIZATION state, the POP3 session ends without entering the UPDATE state.

2.4.2.2. POP3 commands

POP3 commands may take one or more arguments. A command is terminated by a CRLF pair. Keywords and arguments are ASCII characters. A response from the POP3 server consists of a status code followed by additional information. There are two status codes: success (+OK) and error (-ERR).

Authentication mechanisms and commands in the AUTHORIZATION state

When the POP3 session enters the AUTHORIZATION state, the client must identify and authenticate itself to the POP3 server. This document presents two authentication mechanisms: the first uses the USER and PASS commands together; the second uses the APOP command.
Other authentication mechanisms are described in RFC 1734.

Authentication with the USER and PASS commands: the client first sends USER with the user name as its argument. After the server responds with the success status (+OK), the client sends PASS with the user's password as its argument to complete authentication for this user. If the POP3 server responds +OK, authentication succeeded; otherwise (status -ERR) authentication failed and the client must issue PASS again to retry.

USER command

Syntax: USER name
Argument: name is the user name.
Description: used in the AUTHORIZATION state to send the user name to the POP3 server. The server responds with success (+OK) if the user name is valid, and with an error (-ERR) otherwise.

Note: in the examples from here on, C: marks what the client sends and S: marks the server's response.

Example:

    C: USER mrose
    S: +OK mrose is a real hoopy frood
    ...
    C: USER frated
    S: -ERR sorry, no mailbox for frated here

PASS command

Syntax: PASS password
Argument: password is the user's password for the mailbox.
Description: used only in the AUTHORIZATION state to send the user's password to the POP3 server. It must be issued after USER, and only once the server has responded to USER with success.

Example:

    C: USER mrose
    S: +OK mrose is a real hoopy frood
    C: PASS secret
    S: +OK mrose's maildrop has 2 messages (320 octets)
    ...
    C: USER mrose
    S: +OK mrose is a real hoopy frood
    C: PASS secret
    S: -ERR maildrop already locked

Authentication with the APOP command

Syntax: APOP name digest
Arguments: name: the user name; digest: an MD5 digest string.
Description: authenticating a session with USER/PASS has the weakness that the password crosses the network in the clear. To address this, POP3 provides authentication with the APOP command. This method provides both authentication and replay protection without sending the password in cleartext over the network.

A server that implements APOP includes a timestamp in its greeting to the client (the greeting is sent when the TCP connection between POP3 client and POP3 server is established). The format of the timestamp is described in RFC 822, and it must be different each time the POP3 server sends a greeting. For example, on a UNIX implementation where a separate process is used for each POP3 server instance, the timestamp syntax might be:

    <process-ID.clock@hostname>

where 'process-ID' is the process number (PID), clock is the system clock, and hostname is the fully qualified domain name.

The POP3 client takes this timestamp (including the angle brackets) together with a shared secret known only to the client and the server (the user's mailbox password) and computes the digest argument using the MD5 algorithm. It then sends the APOP command with its arguments to the server.

When the POP3 server receives the APOP command, it checks the digest. If the digest is correct, the POP3 server responds with success (+OK) and the POP3 session enters the TRANSACTION state. Otherwise, the server reports an error to the client and the POP3 session stays in the AUTHORIZATION state.

Example:

    S: +OK POP3 server ready [email protected]>
    C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
    S: +OK maildrop has 1 message (369 octets)

In this example the shared secret is the string 'tanstaaf'. The input to the MD5 algorithm is therefore the timestamp string from the greeting immediately followed by tanstaaf, and the output is c4c9334bac560ecc979e58001b3e22fb.

Commands in the TRANSACTION state

The commands in the TRANSACTION state are: STAT, LIST, TOP, NOOP, RETR, DELE, UIDL, QUIT and RSET.

| No. | Command | Syntax | Description |
|---|---|---|---|
| 1 | STAT | STAT | Returns the total number of messages and the total number of bytes of the messages in the mailbox. |
| 2 | LIST | LIST [msg] ([msg] is the message number) | Used with or without an argument. Without an argument, LIST returns the message number and size of every message in the mailbox. |
| 3 | RETR | RETR msg (msg: the message number) | The server sends the entire message with that message number to the client. |
| 4 | DELE | DELE msg (msg: the message number) | Marks a message as deleted. Only when the session ends are all messages marked as deleted actually removed. |
| 5 | RSET | RSET msg (msg: the message number) | The opposite of DELE: it removes the deletion marks set by DELE. |
| 6 | NOOP | NOOP | Simply checks the connection to the server. The server responds with status +OK. |
| 7 | TOP | TOP msg [n] (msg: the message number; n: the number of lines) | Without the [n] argument, TOP retrieves the header of the specified message from the server. With [n], TOP retrieves the header together with n lines of the message. |
| 8 | UIDL | UIDL [msg] (msg: the message number) | Without the [msg] argument, UIDL returns the unique identifier (unique-id) of every message. With [msg], UIDL returns the unique identifier of that message. A unique identifier is a string of 1 to 70 characters in the range 0x21 to 0x7E; it is unique for each message and persists across sessions, even when a session ends without entering the UPDATE state. |
| 9 | QUIT | QUIT | Enters the UPDATE state and ends the POP3 session. |
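The APOP exchange described in the AUTHORIZATION-state section above, as an added example that is not part of the original course text: the client computes the digest from the greeting timestamp and the shared secret, and a toy server checks it and moves from AUTHORIZATION to TRANSACTION. The class ApopServer, the host name mail.example.test and the in-memory secret store are assumptions for illustration; the second greeting shows why a digest captured from one session is useless in the next.

```python
"""APOP digest computation and server-side verification."""
import hashlib
import hmac
import os
import re
import time


def apop_digest(timestamp, secret):
    """MD5 over the timestamp (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def extract_timestamp(greeting):
    """Return the <...> timestamp from a greeting, or None if APOP is not offered."""
    m = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return m.group(0) if m else None


class ApopServer:
    """Toy server side of APOP (hypothetical, in-memory).

    Caveat visible in the code: the server needs the shared secret itself,
    not a hash of it, so the secret store must be protected accordingly.
    APOP hides the password in transit; it does not encrypt the session.
    """

    def __init__(self, hostname, secrets):
        self.hostname = hostname
        self.secrets = secrets          # user name -> shared secret
        self.state = "AUTHORIZATION"
        self._timestamp = None
        self._last_clock = 0

    def greet(self):
        """Start a new session with a timestamp never issued before."""
        clock = max(time.time_ns(), self._last_clock + 1)
        self._last_clock = clock
        self._timestamp = "<%d.%d@%s>" % (os.getpid(), clock, self.hostname)
        self.state = "AUTHORIZATION"
        return "+OK POP3 server ready " + self._timestamp

    def apop(self, name, digest):
        if self.state != "AUTHORIZATION" or self._timestamp is None:
            return "-ERR APOP not valid in this state"
        if not re.fullmatch(r"[0-9a-fA-F]{32}", digest):
            return "-ERR permission denied"
        secret = self.secrets.get(name)
        # Compute a digest for unknown users too, so both paths do equal work.
        expected = apop_digest(self._timestamp, secret if secret is not None else "")
        matches = hmac.compare_digest(expected, digest.lower())
        if secret is None or not matches:
            return "-ERR permission denied"   # session stays in AUTHORIZATION
        self._timestamp = None                # a timestamp is good for one login
        self.state = "TRANSACTION"
        return "+OK maildrop locked and ready"


if __name__ == "__main__":
    server = ApopServer("mail.example.test", {"mrose": "tanstaaf"})
    ts = extract_timestamp(server.greet())
    captured = apop_digest(ts, "tanstaaf")
    print(server.apop("mrose", captured))     # accepted in this session
    server.greet()                            # new session, new timestamp
    print(server.apop("mrose", captured))     # replayed digest is rejected
```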

2.4.2.3. Examples of POP3 commands in use

The examples below were produced using the Telnet program to work with a mailbox on a POP3 mail server. The workstation runs Win98 and the POP3 server runs MDaemon. To start, choose Start/Run and type the command telnet 110.

Example 1: a POP3 session using the commands USER, PASS, STAT, LIST, NOOP, RETR, QUIT

[Figure 2.3: Example session with POP3 commands]

Example 2: a POP3 session using the commands USER, PASS, STAT, LIST, UIDL, DELE, RSET, TOP, QUIT

[Figure 2.4: Example POP3 session]

2.4.3. Internet Message Access Protocol (IMAP)

IMAP is a protocol that lets a client access e-mail on a server. Rather than only downloading messages to the user's machine (as POP does), it can also create, modify, delete and rename mailboxes, check for new messages, set and clear status flags, and so on. IMAP is designed for an environment in which users may log in to the server (port 143/tcp) from different workstations. It is very useful when users do not download mail to one fixed machine, since people do not always use the same computer. POP, by contrast, does not let the user act on messages on the server. POP simply downloads the user's e-mail held on the server, from that user's inbox. POP therefore provides access only to the user's inbox and does not support access to public folders (as IMAP does).

IMAP is used for the following purposes:

- Full compatibility with Internet message standards (for example MIME).
- Access to and management of messages from many different computers.
- Support for all three access modes: online, offline and disconnected.
- Support for concurrent access to shared mailboxes.
- Client software does not need to know the server's file storage format.

2.4.3.1. How IMAP works

An IMAP connection consists of the client/server network connection, an initial greeting from the server (the "hello message"), and the client/server interactions that follow. These interactions consist of client commands, server data, and server replies. The interaction between IMAP client and IMAP server follows the send/receive protocols of the client and the server, described below.

Client sender and server receiver

In operation, the client sends a command; each command carries an identifier (an alphanumeric string, for example A00001, A00002) called a tag. The client generates a different tag for each command. There are two cases in which a line sent by the client is not treated as a complete command: first, a command argument is quoted in brackets; second, a command argument requires feedback from the server (see the AUTHENTICATE command below). In each case the server sends a reply (a request for the client to continue the command) if it is ready for the octets and the remainder of the command. Note that this reply is prefixed with a "+".

If the server detects an error in the command line, it sends a BAD reply to reject the command and to stop the client from sending any more of it. The server may also send a completion reply for a different command at the same time (when several commands are in progress), or untagged data. In either case the request to continue the command is still pending; the client acts on the server's reply and reads another reply from the server. In all cases, the client must finish sending the command before starting a new one.

The server's receiver reads the command line sent by the client, parses the command and its arguments, and then transmits the server data and the command completion reply to the client.

Server sender and client receiver

Data transmitted to the client, including status information that does not indicate command completion, is prefixed with "*" and is called untagged. Server data may be sent as a result of a client command, or may be sent by the server without any client command. There is no syntactic difference between the two. The server's completion reply indicates whether the operation completed or failed. It carries the same tag as the client command that started it. Thus, when more than one command is in progress, the tag in the server's completion reply identifies the command to which the reply applies. The completion reply uses one of three strings: OK indicates that the command succeeded, NO indicates that the command failed, and BAD indicates a protocol error (unrecognised command or command syntax error).

The client's receiver reads the message sent by the server and acts on it according to its first token (+ or *). Note that a client must accept any message from the server at any time, including server data that it requested. Server data is recorded, so that the client can refer to its recorded copy without sending a command to the server to request the data. This is only possible when the server data has been recorded.

2.4.3.2. IMAP commands

This section lists the IMAP commands, organised by the state in which each command is permitted.
Commands may be permitted in several states, but here we list only the minimum state in which each command is permitted. For the details of the standard syntax of the IMAP commands, see RFC 2062 and RFC 2060. Below we give only the arguments, the responses, the command completion result, and the purpose of each command.

| No. | Command | Arguments | Responses | Result | Function |
|---|---|---|---|---|---|
| 1 | CAPABILITY | none | *: CAPABILITY | OK or BAD | Requests the list of capabilities the server supports. |
| 2 | NOOP | none | none | OK or BAD | Starts a polling cycle to fetch or update message status, or initialises the autologout timer on the server. |
| 3 | LOGOUT | none | *: BYE | OK or BAD | Announces disconnection. |
| 4 | AUTHENTICATE | authentication mechanism name | requested data | OK or NO or BAD | Indicates an authentication mechanism to the server (see RFC 1731). If the server supports the mechanism, it performs an authentication protocol exchange to authenticate and identify the client. If the server does not support the mechanism, it rejects the command by sending a NO reply. |
| 5 | LOGIN | password, user | none | OK or NO or BAD | Identifies the client to the server and supplies the plaintext password that authenticates the user. |
| 6 | SELECT | mailbox name | *: FLAGS, EXISTS, RECENT or OK *: UNSEEN, PERMANENTFLAGS | OK or NO or BAD | Selects the specified mailbox for access. |
| 7 | EXAMINE | mailbox name | *: FLAGS, EXISTS, RECENT or OK *: UNSEEN, PERMANENTFLAGS | OK or NO or BAD | Same as SELECT, but the selected mailbox is read-only; the PERMANENT attributes of the mailbox cannot be changed. |
| 8 | CREATE | mailbox name | none | OK or NO or BAD | Creates a mailbox with the given name. |
| 9 | DELETE | mailbox name | none | OK or NO or BAD | Deletes the specified mailbox. |
| 10 | RENAME | old mailbox name, new mailbox name | none | OK or NO or BAD | Renames an existing mailbox to the new mailbox name. |
| 11 | SUBSCRIBE | mailbox name | none | OK or NO or BAD | Adds the mailbox to the server's set of "active" or "subscribed" mailboxes. |
| 12 | UNSUBSCRIBE | mailbox name | none | OK or NO or BAD | Removes the specified mailbox from the server's set of "active" or "subscribed" mailboxes. |
| 13 | LIST | reference name, mailbox name | *: LIST | OK or NO or BAD | Returns the set of names available to the client. |
| 14 | LSUB | reference name, mailbox name | *: LSUB | OK or NO or BAD | Returns the set of names the user has declared "active" or "subscribed". |
| 15 | STATUS | mailbox name, status data item names | *: STATUS | OK or NO or BAD | Requests the status data for the specified mailbox. |
| 16 | APPEND | mailbox name, [flags], [date], message | none | OK or NO or BAD | Appends the message to the end of the specified destination mailbox. |
| 17 | CHECK | none | none | OK or BAD | Requests a checkpoint of the selected mailbox (for example, the state of the mailbox in the server's memory). |
| 18 | CLOSE | none | none | OK or NO or BAD | Permanently removes all messages that have the \Deleted flag set from the selected mailbox, and returns to the authenticated state. |
| 19 | EXPUNGE | none | *: EXPUNGE | OK or NO or BAD | Permanently removes all messages that have the \Deleted flag set from the selected mailbox, and returns OK to the client. |
| 20 | SEARCH | OPTIONAL [CHARSET], search criteria | *: SEARCH | OK or NO or BAD | Searches the mailbox using the given search criteria. |
| 21 | FETCH | message set, data item names | *: FETCH | OK or NO or BAD | Retrieves data associated with a message in the mailbox. |
| 22 | STORE | message set, data item name, value for the data item | *: FETCH | OK or NO or BAD | Changes data associated with a message in the mailbox. |
| 23 | COPY | message set, mailbox name | none | OK or NO or BAD | Copies the specified messages into the specified destination mailbox. |
| 24 | UID | command name, command arguments | *: FETCH, SEARCH | OK or NO or BAD | Has two forms. In the first, it takes a COPY, FETCH or STORE command with that command's arguments. In the second, it takes a SEARCH command with that command's arguments. |

2.4.4. Comparison of IMAP and POP

As described in the sections above, the difference between the two mail retrieval protocols is that POP was designed to process mail in "offline" mode, whereas IMAP supports all three modes: "offline", "online" and "disconnected". This section compares the POP and IMAP technologies briefly.

Characteristics shared by POP and IMAP

- Support offline mode.
- Mail is delivered to a shared mail server (always active).
- Incoming mail can be retrieved from client machines on many different platforms.
- Incoming mail can be retrieved from anywhere on the network.
- The protocols are clearly defined and standardised in publicly available RFCs.
- Work well with a large body of free software (including source code), for clients on PC, Mac and Unix.
- Work well with a large body of commercial software.
- Internet oriented; no SMTP mail gateway required.
- The protocols deal with access only; both are able to receive mail that was sent using SMTP.
- Support persistent message IDs (for "disconnected" operation).

Advantages of POP

- The protocol is simpler and easier to implement.
- More client software uses it.

Advantages of IMAP

- Can manipulate message status flags on the server.
- Can store messages as well as fetch them.
- Can access and manage multiple mailboxes.
- Supports concurrent updates and access to shared mailboxes.
- Can access data other than mail: NetNews, documents, ...
- Can also be used in an offline fashion to minimise connection time and disk space.
- Includes a companion protocol for managing user configuration.
- Built to optimise "online" performance, especially over low-speed links.

CHAPTER 3

SECURING THE MAIL SERVER APPLICATION AND MAIL CONTENT

3.1. Securing the mail server application

3.1.1. Installing the mail server securely

Secure installation and configuration of the mail server application with respect to the operating system is discussed in more detail in chapter 5. As an overview, therefore, we only need to look at installing and configuring the services a mail server requires, and for now set aside the risks that arise when the system has not been patched and updated. During installation and configuration of the mail server, any application, service or script found to be unnecessary should be removed immediately, before the installation process is completed. The following steps should be carried out when installing the mail server:

- Install the mail server software on a dedicated host.
- Install only the minimum Internet services required.
- Apply patches and upgrades to counter known threats.
- Create disk partitions (logical or physical) for installing the mail application.
- Remove or disable all services installed by the mail server application that are not needed (for example Web-based mail, FTP, remote administration utilities, ...).
- Remove all utilities of unknown origin from the mail server.
- Remove all example utilities and test tools from the mail server.
- Apply the security mechanisms already available for a server.
- Reconfigure the SMTP, POP and IMAP protocols.
- Disable commands that are unnecessary or potentially dangerous for the mail server (for example VRFY and EXPN).

3.1.2. Configuring the mail server application securely

Most operating systems on mail servers can assign access privileges for files, devices and resources on the host. Any resource on the host that the mail server can access is potentially shared with every user of the mail system. Mail server software provides additional controls on access to files, devices and resources for managing and running its own operations. Most important is keeping the permissions set by the operating system and by the mail server software itself consistent with each other. It must also be ensured that mail users are given neither too many nor too few privileges. The mail server administrator therefore needs to work out how best to configure access control to protect information stored on a public mail server, in the two relationships below:

- Limit the mail server application's access to a subset of the computer's resources.
- Limit user access to the system through the additional privileges supported by the mail server, where more detailed levels of access control are set.

Configuring access control can keep sensitive and private information away from the threats a publicly exposed mail server faces. In addition, access control can be used to limit resource usage if the mail server comes under a denial-of-service (DoS) attack.

Typical objects on a mail server that need access control include:

- The mail server's software utilities and configuration files.
- File systems directly related to security mechanisms:
  - Files storing password hashes and files used for authentication.
  - Files containing authorisation information used in access control.
  - Cryptographic key material used to provide confidentiality, integrity and non-repudiation.
- Files containing the server's audit and log information.
- Other system software and its configuration files.

Ensure that the mail server application runs only as one identity (a group or a single entity) whose access rights are tightly controlled. New user and group identities used by the mail server software must therefore also be managed by the system. These new users and groups must be independent of, and distinct from, all other users and groups. This is a prerequisite for enforcing the access controls described in the following steps. Although the server may initially be started with the highest privilege (root on Unix systems, or administrator on Windows NT/2000/XP systems), it should not be allowed to keep running at that privilege level.

In addition, use the mail server host's own operating system to restrict file system access by the mail processes and services. These processes should have read-only access to the files they need to provide mail services, and no access to other files, such as the server's log files.
Use the operating system on the mail server host to enforce the following:

- Temporary files created by the mail server application are confined to the corresponding subdirectories.
- Access to temporary files created by the mail server application is also restricted for other mail server processes.

It is also necessary to ensure that the mail server cannot save files outside the file structure designated for the mail server. This can be configured in the mail server itself, or in the operating system's control over all processes running on the host. Directories and files outside the designated directory tree must not be accessible, even when the user knows their paths.

On Unix and Linux hosts, a "chroot jail" should be used for the mail server application. Using chroot changes the mail server's view of the host's file system: the root directory it sees is not the real root directory of the system but only a subtree of it. Therefore, if the mail server is compromised, the attacker can reach only that subtree of the host's file system. This is a very effective hardening measure.

To reduce the impact of DoS attacks, the mail server should be configured to limit the amount of system resources that can be harmed during operation. Some examples:

- Place user mailboxes on different hard disks or logical partitions from those holding the operating system and the mail server application.
- Limit the permitted attachment size.
- Ensure that log files are stored in a location with adequate capacity.

These measures defend against attacks that fill up the file system while the mail server is running and bring the server down. They can also defend against attacks that tie up random-access memory with unwanted processes, slowing the system's processing or even crashing it, and so costing the mail server its availability. The log information generated by the system on which the mail server is installed helps the administrator recognise attacks of this kind.

3.2. Protecting e-mail from malicious code

E-mail has long been used as a tool for sending binary data files as attachments. At first these posed no security risk, because attachments were usually just documents or small image files. As more and more organisations and individuals use e-mail for daily business, the size and variety of attachment formats have grown as well. Today a great deal of e-mail is sent with attachments that are executable programs, pictures, music and sound. The question is which types of attachment are permitted, or whether a file in any format at all may be exchanged by e-mail as an attachment.

Deciding when to allow attachments is not an easy decision. Not allowing attachments in e-mail simplifies a system and makes it more secure; however, it reduces the inherent usefulness of the e-mail system. In general, allowing attachments is a practical need of users. The mail system administrator, however, needs to determine in advance which data formats will be allowed as attachments. The simplest approach is to allow all file types. In that case, virus scanners must be installed on the e-mail path to filter out malicious code, and client-side utilities may even be needed to block actions launched from executable attachments. A better approach is to filter attachment types that are potentially dangerous to the system (attachments with the extensions vbs, ws, wsc, for example) at the mail server or on the mail gateway, combined with virus scanning of the attachments that are allowed.

Viruses can be carried by e-mail either as mail viruses or as attachment viruses. If a mail server has no anti-virus software installed, or has anti-virus software that does not work effectively, the threat to end users' security increases. Some widely used e-mail client programs are at high risk of being infected by, and spreading, viruses that arrive in e-mail. These viruses are typically the result of e-mail clients supporting active content, such as HTML messages. Blocking or allowing such active content needs to be implemented by the developers of e-mail applications.

Many kinds of content can be regarded as active content. Typical examples are content in the form of scripts or control objects. The most common kinds of active content known today are ActiveX, Java, JavaScript and Visual Basic Script. Viruses in the form of active content, and malicious code, can affect the MUA. To counter this, the administrator should configure the system to control such content tightly and issue notices to end users.

3.2.1. Virus scanning

Defending against damage from active content is only the first step in protecting end users. The next step is protecting against viruses spread through attachments. To protect against viruses and other dangerous code, virus scanning must be performed at one or more points in the e-mail delivery process. Scanning can be done at the firewall, where e-mail data enters the network of an agency or organisation, on the mail server itself, or on end users' workstations. Each option has its own strengths and weaknesses. If resources permit, using more than one of these options gives better security.

Scanning at the firewall or at an intermediate mail relay is a common choice. In this case, the firewall or relay intercepts e-mail messages before they reach the organisation's or company's mail server. The virus scanner on the firewall scans these messages, and if no virus is found the message is passed to the organisation's or company's mail server for delivery. The firewall listens on TCP port 25 for SMTP connections, receives the messages, scans them for viruses, and forwards them to the mail server, which is configured to listen on some port that need not be the usual port 25. One disadvantage of this approach is that continuously scanning the SMTP data stream can reduce the firewall's performance. The remedy is to move the virus scanning function to another, dedicated server.

[Figure 3.1: Virus scanning on the firewall]

Benefits of scanning e-mail for viruses at the firewall:

- E-mail can be scanned in both directions (into and out of the organisation's or company's network).
- Viruses can be stopped before they enter the network.
- Incoming mail can be scanned without major changes to the existing mail server configuration.
- Scanning can be managed centrally to ensure compliance with the organisation's security policy.
- Firewalls usually support many different protocols, so the virus scanner can be used for other protocols as well (for example HTTP, FTP).

Disadvantages of installing the virus scanner on the firewall:

- Requires major changes to the existing mail server configuration when scanning outbound e-mail.
- Cannot scan encrypted e-mail.
- Does not protect internal users when a virus appears on the company's or organisation's internal network, unless the network is configured so that all SMTP traffic is routed through a dedicated scanner before reaching the company's or organisation's mail server.
- Requires a host with a high-end configuration to carry the load.

The second option is to install the e-mail virus scanner on the mail server itself. This option is very useful for protecting e-mail against viruses sent by users on the internal network to users on another network, because such messages are usually not scanned by the firewall. The main disadvantage of scanning on the mail server is the negative effect on the mail server's performance, since every message has to be scanned. Another disadvantage is that scanning on the mail server usually requires major changes to the existing mail server configuration.

[Figure 3.2: Virus scanning on the mail server itself]

The advantages and disadvantages of this option are as follows.

Advantages:

- E-mail can be scanned in both directions (inbound and outbound).
- Scanning can be managed centrally to ensure compliance with the organisation's security policy.
- Internal users can be protected when there is a virus on the organisation's or company's internal network.

Disadvantages:

- Virus scanning requires major changes to the existing mail server configuration.
- Encrypted e-mail cannot be scanned.
- The mail server must have a high-end configuration when serving a company or organisation with many users.

Mail server software such as Microsoft Exchange and recent versions of Sendmail supports integrating virus scanning at the mail server. Starting with Exchange version 5.5, Service Pack 3, and Microsoft Exchange 2000, Microsoft created an anti-virus application programming interface (AVAPI) designed for plugging in virus scanners. Microsoft Exchange can be extended with functions such as scanning attachments for viruses, scanning entire mailboxes, detecting and removing viruses, and so on. Many virus scanner plug-ins for Microsoft Exchange can block attachment types based on file name or file extension. For example, to limit the spread of macro viruses, an organisation can block all the common Microsoft Office file types such as .doc, .dot and .xls.

Sendmail version 8.10 or later provides management APIs that allow virus scanners and content filtering software to be integrated into the MTA. Note that, with any virus scanning software, mail server administrators must keep the virus list up to date.

Whether virus scanning is done on the firewall or on the mail servers themselves, the scanner needs to:

- Detect and scan for all known viruses and other kinds of dangerous code.
- Support heuristic scanning (giving some protection against new or unknown viruses).
- Support content filtering.
- Include mechanisms that prevent the system from being broken by other threats.
- Be easy to manage.
- Support automatic updates.
- Be updated frequently (mandatory).
- Be able to identify different types of content and apply rules to them.

A further option is to install the virus scanner on the workstations, that is, on the end users' own machines. E-mail is scanned when the user opens it. The major advantage of this option is that scanning is distributed across many machines, so it has very little effect on the performance of each individual system.

Figure 3.3. Virus scanning performed on the users' workstations

The greatest challenge in scanning for viruses on users' workstations is that the scanners are very hard to manage, especially when it comes to central management and updating. However, solutions now exist that support central management of virus scanners on different machines. Another weakness is that the user controls the virus scanner and can therefore disable some or all of its functions (possibly by accident or unintentionally).

Benefits of virus scanning on client machines:
- No changes to the mail server are required.
- Encrypted e-mail can be scanned once the user decrypts it.
- Scanning is distributed across many machines, which keeps its impact on the server to a minimum.
- Internal users are protected even when the virus originates from another internal user.

Drawbacks of virus scanning on client machines:
- Central management is difficult.
- Users may be slow to update their virus scanners, which puts the whole group at risk.
- Users can turn off functions of the virus scanner.
- Only incoming messages are scanned.
- Viruses are not dealt with at the firewall or on the central mail server.

It is effective to implement at least two of the scanning approaches described above. The safest choice is a centralized virus scanner (either at the firewall or on the mail server) combined with virus scanning on end users' machines. This gives several layers of protection and combines the advantages of the individual approaches.

Perhaps most important is warning users about the danger of e-mail viruses and malicious code. Users should:
- Never open attachments sent from unknown addresses.
- Never open attachments suspected of containing a virus (for example attachments named attachment.txt.vbs or attachment.exe).
- Be suspicious of e-mail from known senders whose subject line or content does not fit the existing relationship (for example, an e-mail with the subject "I love you" from an ordinary colleague) or whose subject is generic (for example, "click here").
- Scan all attachments with a virus scanner before opening them, by configuring the scanner to do this automatically.
- Update the scanner's virus database daily, weekly, or whenever a new virus appears.

Another concern with attachments is their size. Because large messages place demands on processing and storage, mail servers set a maximum accepted size for an e-mail message. When a binary file (such as an image) is attached to an e-mail message, it is not sent in its original format but is encoded in a new one. As mentioned in chapter 1, binary attachments are converted to Base64. This conversion increases the size of the e-mail message by 33%. A message consisting only of basic headers and a 1MB attachment therefore becomes a message of approximately 1.33MB.

Enforcing a size limit benefits the mail server by:
- Reducing delays in e-mail delivery.
- Reducing storage requirements.
- Reducing the hardware requirements of the server.

3.2.2. Content filtering

In practice, content filtering works on the same principle as virus scanning at the firewall or mail server. In essence, it is the process of checking whether a given characteristic appears in the content of a message. Virus scanning, or blocking a certain type of file (by extension, file name or file format), provides only a certain level of security. Experience shows that mail content and attachments can harm a system far more than viruses or other malicious code alone. For that reason, content-filtering measures should be deployed for an e-mail system. In general, rules are defined to quarantine, clean, block or delete any data passing through the server, based on the results of the scan. Typical items that filters can block and handle include:
- E-mail containing suspicious content (for example ActiveX, JavaScript): the suspicious code is stripped before the message is passed on to the user.
- Mail-bomb messages, which can be deleted.
- Large files, which can be held, when traffic is heavy, for delivery at off-peak hours.

Another key feature of content-filtering packages is that they can scan data sent out of the network. Lexical analysis can be performed to scan for messages containing words and phrases that an organization or company has singled out in relation to the use of its e-mail.
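The filter rules described in this section (block by file name or extension, catch disguised names such as attachment.txt.vbs, strip active content, hold oversized messages), as an added example that is not part of the original course text. The extension set is taken from the types named on this page; the size limit and the sample message are constructed assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# File types the page names: Office macro carriers, executables, Windows script types.
BLOCKED_EXT = {"doc", "dot", "xls", "exe", "vbs", "vbe", "js", "jse",
               "wsc", "wsh", "ws", "wsf"}
ACTIVE_HTML = re.compile(r"<\s*(script|object|applet|embed)\b", re.IGNORECASE)
MAX_MESSAGE_BYTES = 1_400_000  # assumed site limit, measured on the encoded message


def base64_overhead(raw_len: int) -> float:
    """Growth factor of a Base64 attachment, including MIME's 76-column CRLF wrapping."""
    encoded = 4 * ((raw_len + 2) // 3)
    line_breaks = 2 * ((encoded + 75) // 76)
    return (encoded + line_breaks) / raw_len


def inspect_message(raw: bytes, max_bytes: int = MAX_MESSAGE_BYTES) -> list:
    """Return (action, reason) findings for one raw message; an empty list means deliver."""
    findings = []
    if len(raw) > max_bytes:
        findings.append(("defer", f"{len(raw)} bytes exceeds limit of {max_bytes}"))
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Trailing dots are dropped by Windows, so "x.vbs." still runs as a script.
            pieces = name.lower().strip().rstrip(".").split(".")
            if len(pieces) > 1 and pieces[-1] in BLOCKED_EXT:
                # "attachment.txt.vbs": a harmless-looking extension hides the real one.
                decoy = len(pieces) > 2 and pieces[-2].isalnum() and len(pieces[-2]) <= 4
                kind = "double extension" if decoy else "blocked extension"
                findings.append(("block", f"{kind}: {name}"))
        if part.get_content_type() == "text/html" and not part.is_multipart():
            if ACTIVE_HTML.search(part.get_content()):
                findings.append(("strip", "active content in HTML part"))
    return findings


def build_sample() -> bytes:
    """Constructed message: HTML body carrying a script, plus a disguised attachment."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "click here"
    msg.set_content("plain text alternative")
    msg.add_alternative("<html><body><script>void 0</script>hi</body></html>",
                        subtype="html")
    msg.add_attachment(b"\x00" * 3000, maintype="application",
                       subtype="octet-stream", filename="attachment.txt.vbs")
    return msg.as_bytes()


if __name__ == "__main__":
    for action, reason in inspect_message(build_sample()):
        print(action, reason)
    print("size factor for 1 MB:", round(base64_overhead(1_000_000), 3))
```

The size factor comes out slightly above the 33% quoted above because the encoded text is also wrapped into lines, which is why a limit should be compared against the encoded message rather than the original file size.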
Lexical analysis can also be used to record e-mail exchanges whose content is directed against the company, or messages intended as mail-bomb style attacks that originate from within that organization or company. In addition, lexical analysis can be used to control an organization's sensitive information when it is at risk of leaking through e-mail.

Before a filtering solution is implemented, the current operating state of the network and of the applications on it must be determined. This can be done with network analysis tools (sniffers) and by analysing router, firewall and server log files. Information about the state of the network can also be obtained from the network administrators themselves. The security policy currently in force on the system (or a policy that has been drafted but not yet enforced) must be analysed as well. Clearly defined security policies are a very important factor in turning the security goals of an organization or company into filtering rules. Care must also be taken to set the filtering attributes accurately; otherwise content that should be filtered passes through, while entirely legitimate information is blocked by the filters.

Many different content-filtering applications are available that support most e-mail messaging systems. The most effective content filter is one that can filter all mail entering and leaving the network of a company or organization. Many newer products combine functions such as content filtering, virus scanning and restricting the file types allowed to be sent by e-mail. Combining these features in a single product eases the administration of a network's security mechanisms.

3.2.3. Issues related to content filtering

Although e-mail content filtering is very important to an organization's network security, the legal rules need to be set out before the filtering rules are put into effect. Alongside the actual filtering on the network, there must be accompanying legal documents that clearly define the organization's security mechanisms. The e-mail security and usage policy should be set out clearly in writing, stating that e-mail will be monitored and managed and that there will be corresponding sanctions for e-mail that may harm the interests of the organization. The document laying down these security policies must be understood and followed by those who carry it out.
Although a general security policy can be enforced, protecting the personal information of each individual in the organization also needs attention. For example, in some cases each individual has the right to keep the information in his or her private e-mail confidential. The company's general security mechanism is then responsible for any leak of that information. Without a specific policy on this issue, disputes that are very hard to resolve can easily arise.

Similarly, in some situations e-mail messages are regarded as having the same legal value as handwritten documents when they carry a digital signature. This means that e-mail messages (including personal e-mail) must be stored and preserved according to the same rules that govern other legal documents. Everyone in the organization or company therefore needs a clear understanding of the security policy. More specifically, the security policy must be delivered into the hands of the users in the company. Furthermore, it should be treated as a requirement of the employment contract, or as a condition of work stipulated in the user's contract. Related issues such as the legal basis, individual rights and administrators' rights must be considered thoroughly before the security policy is drawn up. Make sure that the security policy is reviewed carefully by experts so that it is legally sound and does not violate employees' rights. In addition, the people in the company and their functions need to be clearly categorized so that appropriate security levels can be set. Restricting the use of Internet resources would allow the security policy to be enforced thoroughly, but given current trends such a requirement is unreasonable. This is where e-mail content-filtering tools can play their part.

3.3. Preventing bulk mailing

There are always parties who want to exploit communication media to publicize their ideas or products, and e-mail is no exception. The most common terms for messages of this kind are unsolicited commercial e-mail (UCE) and spam. Almost every e-mail user has received such unwanted e-mail at least once. To deal with this, administrators may have to control the mail traffic that passes through the server. The benefit of controlling UCE is smaller mailboxes and, as a result, lower storage requirements on the mail servers.
To control UCE messages, administrators have to address two main issues:
- Ensuring that UCE is not sent from the mail servers they manage.
- Controlling incoming e-mail messages, which is the main subject of this section.

Because the Internet has no authority with overall control, mail server administrators have set up lists of mail servers that are commonly used to send spam. Administrators refer to these lists as open relay blacklists (ORBs). Many popular mail server applications can refuse messages that originate from given ORBs. These lists are updated frequently, so a server configured to refuse e-mail from servers on the blacklists reduces the nuisance that spam causes users. The following is an excerpt from a Sendmail configuration file that handles ORBs.

.....
FEATURE(`dnsbl', `relays.mail-abuse.org')dnl
FEATURE(`dnsbl', `input.orbs.org')dnl
.....
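What a blacklist lookup of this kind involves for each connecting client, as an added example that is not part of the original course text or of Sendmail itself. The zone name, the address and the resolver answers are constructed placeholders, and the policy of accepting mail when a list cannot be reached is an assumption of this sketch.

```python
import ipaddress

LISTED_PREFIX = "127."  # DNSBL convention: a listed address resolves to 127.0.0.x


def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Build the DNS name to look up: the client's octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def check_client(client_ip: str, zones: list, resolve) -> tuple:
    """Return (accept, reason). resolve(name) returns A records, or [] when not found."""
    if ipaddress.ip_address(client_ip).is_loopback:
        return True, "loopback, not looked up"
    failed = []
    for zone in zones:
        try:
            answers = resolve(dnsbl_query_name(client_ip, zone))
        except OSError:
            # Assumed policy: an unreachable list must not stop all incoming mail.
            failed.append(zone)
            continue
        hits = [a for a in answers if a.startswith(LISTED_PREFIX)]
        if hits:
            return False, f"550 5.7.1 {client_ip} listed by {zone} ({hits[0]})"
    if failed:
        return True, "accepted, lookup failed for " + ", ".join(failed)
    return True, "not listed"


# Constructed data standing in for real DNS so the example runs offline.
CONSTRUCTED_ZONE = "dnsbl.example.net"
CONSTRUCTED_RECORDS = {"25.2.0.192.dnsbl.example.net": ["127.0.0.2"]}


def constructed_resolver(name: str) -> list:
    return CONSTRUCTED_RECORDS.get(name, [])


def broken_resolver(name: str) -> list:
    raise OSError("resolver timeout")


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "127.0.0.1"):
        print(ip, check_client(ip, [CONSTRUCTED_ZONE], constructed_resolver))
    print(check_client("192.0.2.25", [CONSTRUCTED_ZONE], broken_resolver))
```

Logging the failed-lookup case separately matters in operation: a blacklist that stops answering otherwise looks the same as a day with no spam.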

In addition, most mail servers can be configured to refuse messages sent from a specified set of domain names. The following excerpt from a sendmail access configuration file controls UCE by allowing or refusing e-mail messages relayed from given domains.

# allow relaying from local.com
local.com       RELAY
# block mail from spammers.net
spammers.net    REJECT
# accept mail from this server itself
127.0.0.1       OK
# block mail from this IP range
10              REJECT

3.4. Authenticated mail relay

As mentioned in the previous section, configuring authentication for relayed mail reduces the ability to send bulk mail through a mail server. A further benefit of authenticating relayed mail is improved security and availability of the system.

Two methods are currently supported for controlling relayed mail. The first is to control the subnets or domain names from which e-mail messages may be sent. This method is very effective when the e-mail system is set up within a known address range. However, if the system has remote users in different address ranges, this method is not effective. Handling remote users requires a stronger configuration.

The second method is to require users to authenticate themselves before they send a message. This method is called authenticated mail relay or SMTP AUTH, an extension of the SMTP protocol that supports user authentication. Unfortunately, the default configuration of most mail servers does not enforce authenticated relay, so the mail server administrator must configure this function. Authenticated relay is one of the least used features, yet it does a great deal to improve the security of mail servers.

3.5. Secure access

Chapter 1 covered the various mail transfer and mailbox access protocols. Like many other Internet protocols, most of them have no built-in encryption or authentication. This lack of built-in confidentiality and authentication leads to three problems that users may face. First, the content of messages a user sends can be intercepted and read illegitimately in transit, and can even be forged or altered. Second, the recipient cannot verify the origin or the integrity of e-mail messages. Third, unless a one-time authentication mechanism is used, every piece of login information a user sends when accessing a mailbox crosses the network in clear text, so attackers can eavesdrop on it and reuse it.
At present, the default configuration of most mail client software sends passwords in clear text, which makes them easy to intercept for other computers on the user's own local network or for any machine that forwards the password to the mail server in question.

The last problem can be solved by applying the method commonly used to protect Web services: Transport Layer Security (TLS). TLS is based on Secure Socket Layer version 3 (SSLv3). TLS can be used together with POP, IMAP and SMTP to protect the data exchanged between mail clients and mail servers. The following is an example from a Sendmail configuration file that sets up the use of TLS:

define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/CAcert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
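A way to check that a server enforces what sections 3.4 and 3.5 describe, by auditing the capabilities it announces in reply to EHLO before and after TLS is started. This is an added example, not part of the original course text; the host name and the three captured replies are constructed samples.

```python
from typing import Optional

# PLAIN and LOGIN only Base64-encode the password, so without TLS it is readable.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line '250-...' EHLO reply into {KEYWORD: [parameters]}."""
    lines = [line for line in reply.splitlines() if line.strip()]
    caps = {}
    for index, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " ", ""):
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # the first line is the server's greeting, not a capability
        words = line[4:].split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def audit_session(pre_tls: str, post_tls: Optional[str]) -> list:
    """Return findings for one server; post_tls is the EHLO reply seen after STARTTLS."""
    findings = []
    before = parse_ehlo(pre_tls)
    if "STARTTLS" not in before:
        findings.append("no STARTTLS: the session cannot be encrypted")
    exposed = CLEARTEXT_MECHS & set(before.get("AUTH", []))
    if exposed:
        findings.append("AUTH " + "/".join(sorted(exposed))
                        + " offered before TLS: password crosses the network in clear")
    if post_tls is not None and "AUTH" not in parse_ehlo(post_tls):
        findings.append("no AUTH after TLS: relaying is not tied to an authenticated user")
    return findings


# Constructed replies: a default-style server, and one that offers AUTH only inside TLS.
WEAK_PRE = "250-mail.example.org\r\n250-SIZE 10240000\r\n250 AUTH PLAIN LOGIN\r\n"
GOOD_PRE = "250-mail.example.org\r\n250-SIZE 10240000\r\n250 STARTTLS\r\n"
GOOD_POST = "250-mail.example.org\r\n250-SIZE 10240000\r\n250 AUTH PLAIN LOGIN\r\n"

if __name__ == "__main__":
    print("weak:", audit_session(WEAK_PRE, None))
    print("good:", audit_session(GOOD_PRE, GOOD_POST))
```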

3.6. Accessing mail through the Web

More and more organizations offer access to their e-mail messaging system through a web browser. Web-based access to e-mail allows security mechanisms to be applied on both the client side and the server side. Securing Web sites is outside the scope of this course text. However, when a Web interface is used to access the e-mail system, note the following:
- Do not install both the Web server software and the mail server software on the same host.
- Secure the Web transactions using the SSL/TLS protocol.

3.7. Checklist

Completed | Action

Mail server application

Install the mail server software on the server
Install only the minimum Internet services required
Apply patches and system updates to correct weaknesses
Remove or disable all services that are installed but not needed
Remove all documentation from the server
Apply the appropriate security template to the server
Reconfigure the SMTP, POP and IMAP services (and other services if necessary)
Disable unnecessary or dangerous mail commands (such as VRFY, EXPN)

Configure operating system and mail server access controls

Limit the mail server application's access to other resources on the host
Limit user access through the mail server's additional access controls
Configure the mail server application to run as a user or group with its own unique identity and restricted access controls
Ensure that the mail server software does not run as root or administrator
Configure the system so that the mail server software can write log files but cannot read them
Configure the system so that temporary files created by the mail server software are stored in protected directories
Configure the system to bar mail server processes from accessing the temporary files
Ensure that the mail server software cannot save files outside the designated directory
Configure the mail server software to run in a chroot jail when using a Unix or Linux environment
Place user mailboxes on a separate hard disk or logical partition (not on the same partition as the operating system and the mail server software)
Limit the size of attachments in an e-mail
Ensure that log files are stored on storage of adequate size

Harmful content and attachments

Install a central virus scanner (on the gateway, the firewall or the mail server itself)
Install a virus scanner on all mail client workstations
Update the virus databases of the scanners periodically or when a new virus appears
Warn users about the danger of viruses and about ways to reduce that danger
Notify users if the system has a problem
Configure the content filter to block suspicious messages
Configure the content filter to block UCE messages
Configure lexical analysis if necessary
Create a content-filtering policy
Configure the server to refuse messages relayed from addresses on blacklists
Configure the server to refuse messages relayed from specified domain names
Configure authenticated relay
Configure the use of encrypted authentication
Configure the mail server to support Web access only when SSL/TLS is used

CHAPTER 4
MAIL SECURITY ON THE CLIENT

Every day hundreds or thousands of mail clients access the mail servers. However strong the security mechanisms set up for the mail servers are, security on the client side is therefore also very important to the overall security of the system. In many respects, the risk on the client side is greater than on the mail server. Many recommendations have been made for examining and addressing specific security levels for mail client software. Defining the security mechanisms for particular mail clients is not covered here; we present only what is general enough to apply to most mail client software.

4.1. Installing, configuring and using client applications securely

4.1.1. Patching and updating client software

The most important step in securing mail client software is to ensure that all users are running the latest, most secure version of the mail client with all necessary patches applied. To identify the weaknesses of a particular mail client, consult the Web site http://icat.nist.gov of the U.S. National Institute of Standards and Technology (NIST). The following Web sites provide patches for individual mail clients:
- Eudora: http://www.edura.com/
- Lotus Notes: http://www.lotus.com/home.nsf/welcome/downloads
- Microsoft Outlook: http://www.microsoft.com/office/outlook/default.htm
- Microsoft Outlook Express: http://windowsupdate.microsoft.com/
- Netscape: http://home.netscape.com/smartupdate/

Updating Outlook is somewhat more complicated because it is a mail client that works in conjunction with the Microsoft Internet Explorer browser. The configuration settings and weaknesses of Internet Explorer can affect the security of Outlook; therefore, besides updating Outlook, Internet Explorer must be updated as well. Failing to run a secure version of a mail client reduces the effectiveness of the security measures discussed in the following sections.

4.1.2. Securing the mail client

In general, companies that build mail client software include security features in it, and these features are highly practical.
However, users who simply keep the default configuration of their mail client do not take full advantage of its built-in security mechanisms. In general, the following should be configured in every mail client:
- Disable automatic opening of messages.
- Disable automatic opening of the next message.
- Disable the processing of mail with active content. This causes complications for mail clients that work in conjunction with a browser, because disabling this feature affects the browser's ability to display Web pages. In such cases, the choice of which functions to disable and which to keep must be made very carefully. It is also necessary to define separate security zones for the mail client and the browser, which allows the browser to have fewer functions disabled than the mail client.

Setting the "security zone" for Outlook:
- Disable downloading of unsigned ActiveX controls.
- Disable Java permissions.
- Disable active scripting.
- Disable scripting of Java applets.

Note that these settings are for Outlook and the Internet Explorer 5.5 browser. Other versions of these applications have similar configuration steps. In addition, these configuration steps take effect for both Outlook and Internet Explorer.

Configuring Eudora:
- Disable "Allow executables in HTML content".
- Disable the Microsoft viewer.
- Disable MAPI.

Configuring Netscape:
- Deselect "Enable Java".
- Deselect "Enable JavaScript for Mail and News".
- Deselect "Send email address as anonymous FTP Password".
- Remove the "Microsoft ActiveX Portability Container for Netscape" as well as other plug-ins that support ActiveX.

4.1.3. Authentication and access

In the past, mail client applications did not require user authentication, because access to mailboxes was based on the operating system's file system permissions and the user's rights to the mailbox file. With the later development of MUAs that can access remote mailboxes through the POP and IMAP protocols, user authentication became indispensable. Users are authenticated by entering a user name and password to access the mailbox.
To be more user-friendly, the information used to access the mail server is stored in a configuration file. Convenient as this is for users, it is also a weakness of mail client software. The information in the configuration file can be stolen by intruders in order to access the user's mailbox and exploit the information in it illegitimately. To make mail clients more secure, the function that automatically supplies the user's access information from the configuration file should be disabled. If it cannot be disabled, the configuration file must be stored securely (choose where it is stored and protect it). Many operating systems provide a degree of security through permissions and access control that can be used to protect the configuration file. Unfortunately, some popular operating systems such as Windows 95/98/ME do not support this. On operating systems that do, make sure the configuration file is set to be accessible only by the user who created it, and make sure it is placed in a directory controlled by its owner. Where the operating system does not support permissions and access control for files, the best solution is to remove the password from the configuration file or to use encryption to protect the configuration file.

Many other applications can be used to set up communication between the client and the mail server. In their default configuration, the SMTP, POP and IMAP protocols have no encryption. This allows an intruder to intercept, exploit or alter information such as passwords, user names and even the content of messages. The remedy for this weakness is to use security protocols such as TLS/SSL to encrypt data in transit between the mail server and the mail client. Many mail clients now support these protocols.

4.1.4. Security of the client's operating system

Many current operating systems support configuration settings and measures that improve the security of a mail client directly or indirectly. The operating system is an important component of the overall security of a mail client. The operating system on mail client machines should be:
- Updated with the most secure patches.
- Configured to allow access to locally stored messages and to the mail client's configuration files only for one or a few specific users.
- Configured with respect to Windows Script Host (WSH) (Windows machines only):
  - Remove WSH or allow only administrators to access it.
  - Change the default execution action for files with the extensions listed below to editing:
    - WSC (Windows Script Component)
    - WSH (Windows Script Host Settings File)
    - WS (Windows Script)
    - WSF (Windows Script File)
    - VBS (Visual Basic Script)
    - VBE (VBScript Encoded File)
    - JS (JavaScript)
    - JSE (JavaScript Encoded File)
- On mail client machines running Windows, configured to display full file extensions (so that users can more clearly tell attached files apart, for example iloveyou.txt.vbs and iloveyou.txt).
- Equipped with a virus scanner configured to scan automatically all incoming e-mail messages and attachments when they are opened.
- Set up so that other applications run on it with the minimum privileges only, because all malicious code runs within the security context of the environment in which it executes.
- Set up so that critical components of the operating system are protected from malicious code.
- Equipped with a file encryption application to protect mail stored on the user's hard disk (this is especially important for laptops, whose data is very easily stolen).
- Configured to lock the machine automatically after a period of inactivity.

4.2. Security for the components that make up mail content

Like the Internet itself, e-mail is increasingly used for commerce and for exchanging other sensitive information. Encryption is used to send e-mail messages securely. The two basic methods of encrypting mail are S/MIME and PGP. Both offer similar levels of protection, but their structures differ. Most mail clients support S/MIME, while PGP is provided in the form of plug-in components. Which of the two to choose depends on how well each meets the requirements of the organization or company that wants to apply this security mechanism.
In general, unencrypted e-mail should be regarded as a postcard: anyone can read it and alter it.

When a mail client is configured to send and receive encrypted messages, all received messages are stored in encrypted form. A mail client can also be configured to send and receive e-mail messages that are not encrypted, which suits places where integrity is the main concern. Depending on the sensitivity of the message content, the user can configure the client so that a password must be entered each time a message is read.

4.3. Accessing Web-based e-mail systems

From the user's point of view, accessing the mail server through a Web server is efficient and offers a friendlier interface. However, the security of the mail system must be considered carefully before deciding to use a Web interface for e-mail. Most of the security issues in this case are similar to those of ordinary mail client software. For example, Web-based e-mail access in its default configuration sends passwords and other data in clear text, just as POP and IMAP do. Where security requirements are high, the administrator should configure the mail server to accept Web connections only over the SSL/TLS security protocols with support for 128-bit encryption. With these protocols, all data (login information, e-mail content) is encrypted in transit between the Web server (used for mail) and the user workstations running the browser. Note that the data is protected only in transit; e-mail data stored on the servers and workstations is not protected. In that case, e-mail encryption methods such as S/MIME or PGP can be used. However, Web-based mail systems do not directly support these methods. One workable solution is to encrypt the data offline and then paste it into the browser for transmission (this is easy to do with PGP).

Web-based access is usually applied to systems with low security requirements. Planners who want to use the Web for a mail system therefore need to be fully aware of the risks to the system.

A major risk of Web-based e-mail systems is that they can be accessed from public computers (possibly from