Abstract
[Superseded by SP 800-45 Ver. 2 (February 2007):
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50953] Electronic mail (email) is perhaps the most popularly used system for exchanging information over the Internet. After Web servers, mail servers are often the most targeted and attacked hosts on an organization's network. Various types of mail content and attachments have also proven to be effective in introducing malicious code into a system through the email client. Thus, it is essential to secure mail servers and clients as well as the network infrastructure that supports them. This document has been developed to assist federal departments and agencies, state agencies, and commercial organizations in installing, configuring, and maintaining secure mail servers and mail clients . It presents generic security principles and covers details specific to the various components of a mail system. It also includes examples that address two of the more popular mail server applications running respectively on Unix and Microsoft Windows operating systems: sendmail and Exchange.