Research and Implementation of an LDAP-Based Mail System, with Recommendations for Extending Mail-System Protocols
Abstract
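E-mail is one of the most basic and most important services on the Internet. With the rapid growth of the Internet in recent years, the number of e-mail users has risen sharply, which brings system administrators many new problems in managing e-mail systems. For example, the traditional mail relaying mechanisms based on MX or Mailertable show many shortcomings, yet managing this information service well is very important to the development of enterprise and campus network applications. Consequently, over the last year or two, using a directory service to overcome the shortcomings of traditional e-mail systems, and extending SMTP at the protocol level to support LDAP, has become one of the research topics in Internet applications.
This thesis starts from the protocols used by mail systems and directory services, analyses in depth how mail systems, POP, IMAP and directory services work, summarises the situations in which LDAP applies and the environments it can support, and identifies where current mail systems need improvement.
The traditional MX- or Mailertable-based mail relaying mechanism shows many shortcomings in practice. This thesis describes in detail the LDAP-based mail relaying mechanism and its advantages, implements a corresponding experimental system in C on Unix/Linux, and, on the basis of testing, compares it with the traditional mail relaying mechanism.
RFC2554 extends the SMTP protocol with an authentication mechanism, which gives mail system authentication a standard interface, and this has been implemented in the Shantou University e-mail system. This thesis proposes a method for LDAP-based authentication of mail sending; the method has been shown to be effective in controlling the use of stolen e-mail accounts to send statements endangering the nation, viruses or other spam.
As the Internet develops and new applications appear, the functions of mail systems must be continually extended to meet new needs. This thesis discusses extensions to the protocols related to mail systems and offers some suggestions.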
E-mail is one of the most basic services of the Internet, and one of the most important as well. With the rapid development of the Internet in recent years, the number of people using e-mail is booming, which brings many new problems to system administrators managing e-mail systems. For example, many disadvantages are found in the traditional MX-based or Mailertable-based mail relaying mechanism, while the management of this information service is very important for enterprise network and campus network applications. Therefore, adopting a directory service to solve the problems of traditional e-mail systems, and extending SMTP at the protocol level to support LDAP, has become one of the research tasks in Internet applications in recent years.
This paper first examines the relevant protocols used in mail systems and directory services, and then explores and analyses the operating principles of mail systems, POP, IMAP and directory services. After that, it summarises the situations in which LDAP can be applied and the environments that LDAP can support. Finally, it identifies the aspects of existing mail systems that need to be improved.
Relaying based on the traditional MX and Mailertable shows many disadvantages in practice. This paper discusses the LDAP-based mail relaying mechanism and its advantages in detail, and implements a corresponding experimental system in C on the Unix or Linux platform. Some testing has been done so as to compare this experimental system with the traditional MX-based relaying mechanism.
The extension of the authentication function for SMTP can be found in RFC2554. This extension to SMTP provides a standard interface for authentication. In this paper we bring forward an LDAP-based authentication mechanism to control e-mail sending, and it has been implemented at Shantou University. This method has proved effective in preventing unauthorized people from sending spam, such as mail containing statements endangering the nation or viruses, and from using others' e-mail addresses to send mail.
With the development of the Internet and the appearance of new applications, the functions of mail systems must be extended continuously in order to meet new needs. This paper discusses the extension of the protocols pertinent to mail systems, and brings forward some advice.
The networking terms and abbreviations used in this thesis are listed here; for the few that are not mentioned, see the relevant chapters or the related technical documentation.
BIN: BINary
CES: Case Exact String (case-sensitive)
CIS: Case Ignore String (case-insensitive)
C/S: Client/Server
CRLF: Carriage Return & Line Feed
DCE: Distributed Computing Environment
DM: DataBase Middleware
DN: Distinguished Name
DNS: Domain Name System
GSSAPI: Generic Security Service Application Program Interface
IMAP: Internet Message Access Protocol
ISP: Internet Service Provider
LDAP: Lightweight Directory Access Protocol
MDA: Mail Delivery Agent
MOM: Message-Oriented Middleware
MRS: Mail Relay Server
MTA: Mail Transfer Agent
MTS: Message Transfer System
MUA: Mail User Agent
MX: Mail eXchange
ORB: Object Request Brokers
OSF: Open Software Foundation
PAM: Pluggable Authentication Module
PM: Proprietary Middleware
POP: Post Office Protocol
RPC: Remote Procedure Call
SASL: Simple Authentication and Security Layer
SMTP: Simple Mail Transfer Protocol
SP: SPace
TEL: Telephone (telephone type)
TPM: Transaction Processing Monitor
