Implementación de medidas de seguridad en un servidor de correos que minimicen el impacto de vulnerabilidades basadas en email.

Abstract

The communication by email today is something normal and important in companies and homes allowing the user to send and receive valuable information, due to this there will be malicious people who are dedicated to finding vulnerabilities in the mail servers causing failures and losses , these attacks based on emails are currently diverse, in this document we will talk about 4 types that are attachment-based, email spoofing, open relay and homoglyphs. These attacks originate from the lack of security in the sending of emails and a bad configuration of the mail server. With the help of tools such as telnet and emkei.cz it was possible to simulate the attacks on the server hosted in Digital Ocean with its domain pruebabryan.com to subsequently apply the controls. The solution is based on implementing policies on the part of the client to avoid attacks by means of viruses, in the part of the server some tools are configured such as SPF (Sender politicy framwork) and in the configuration of main and master files of postfix applying TLS parameters to prevent mail relaying.