| With the growth of the Internet in recent years, e-mail is more and more important. It is not only an internal tool within companies and organizations, but also unites people across companies and countries. As we know, e-mail has arguable become the single most important benefit of the Internet to date and become the necessity. On the other hand, the content of e-mail also experience a lot of changes: Before, people used e-mail to simply send short, unimportant notes to one another; until now, people use e-mail to send critical information.The unprecedented growth of e-mail has been enabled by the worldwide adoption of the underlying protocol or language of Internet e-mail: Simple Mail Transfer Protocol (SMTP). The SMTP standard makes it possible for different e-mail systems connected to the Internet to exchange information with one another. However, despite all the benefits that SMTP has brought to the Internet, it has an inherent problem. The SMTP standard was originally developed to carry brief, relatively unimportant messages on a closed network, not to carry critical and sensitive information in an interconnected world. No one who developed SMTP imagined that it would play the role it plays today. Because of that, SMTP was not designed to protect the type of information it carries today across the networks it crosses today and was not designed to provide security capabilities, and so on. All of these lead to huge security risks of e-mail transportation. Based on SMTP, Exchange Server 2003 inherits these problems.SMTP and ESMTP will be researched and analyzed. Because both of them have the security problems, TLS and Secure/Multipurpose Internet Mail Extension (S/MIME) have emerged as the standard to enhance SMTP e-mail messages with security capabilities. Though Exchange Server 2003 e-mail transportation has used a lot of methods to improve its security and safety, its transportation system still encounters kinds of attacks, for example, spoofing, Open Relay Attack, NDR Attack, Directory Harvest Attack and Denial of Service (DoS) Attack. This article will do security analysis, attack implementation and provide defend suggestions. |
PDF Full Text Request