Mail User Agents; Securing Communication - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

Chapter 24. Email
To file email tagged as spam, a rule similar to the following can be used:
:0 Hw * ^X-Spam-Status: Yes spam
This rule files all email tagged in the header as spam into a mailbox called spam.
Since SpamAssassin is a Perl script, it may be necessary on busy servers to use the binary
SpamAssassin daemon (spamd) and client application (spamc). Configuring SpamAssassin this way,
however, requires root access to the host.
To start the spamd daemon, type the following command as root:
/sbin/service spamassassin start
To start the SpamAssassin daemon when the system is booted, use an initscript utility, such as the
Services Configuration Tool (system-config-services), to turn on the spamassassin service.
Refer to for more information about initscript utilities.
To configure Procmail to use the SpamAssassin client application instead of the Perl script, place the
following line near the top of the ~/.procmailrc file. For a system-wide configuration, place it in /
etc/procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc

24.6. Mail User Agents

There are scores of mail programs available under Red Hat Enterprise Linux. There are full-featured,
graphical email client programs, such as Ximian Evolution, as well as text-based email programs
such as mutt.
The remainder of this section focuses on securing communication between the client and server.

24.6.1. Securing Communication

Popular MUAs included with Red Hat Enterprise Linux, such as Ximian Evolution and mutt offer
SSL-encrypted email sessions.
Like any other service that flows over a network unencrypted, important email information, such
as usernames, passwords, and entire messages, may be intercepted and viewed by users on the
network. Additionally, since the standard POP and IMAP protocols pass authentication information
unencrypted, it is possible for an attacker to gain access to user accounts by collecting usernames
and passwords as they are passed over the network.
24.6.1.1. Secure Email Clients
Most Linux MUAs designed to check email on remote servers support SSL encryption. To use SSL
when retrieving email, it must be enabled on both the email client and server.
SSL is easy to enable on the client-side, often done with the click of a button in the MUA's
configuration window or via an option in the MUA's configuration file. Secure IMAP and POP have
398